Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / Languages / C# / October 2007

Tip: Looking for answers? Try searching our database.

implementing security in an .NET application

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Jeff - 24 Oct 2007 10:15 GMT
Hey

I have an application made in .NET 2.0. Now I want to implement security
into it. I want to set permissions on who can start the application and what
they can do in the application

So on this application I've thought about adding a page where administrator
can add users and set their individual permissions in the program.

Originally I thought about implementing this by storing all users in a table
and link this user table to a table containing all the windows in the
application.. but I don't think that is an good approach

All users will also exists in Active Directory, could Active Directory be
used in this scenario?

Any suggestions?

Best Regards
Reply to this Message
Peter Bromberg [C# MVP] - 24 Oct 2007 12:19 GMT
Jeff,
When you say "adding a Page" we must then assume you are referring to an
ASP.NET web application. In that case you probably would be better served
posting your question to the ASP.NET newsgroup, not the C# language group.

If you go to the QUICKSTARTS at the asp.net site, you can find all kinds of
info and sample code on how to set up Authentication, Roles and Profies using
the built-in provider mechanism. There is an Active Directory provider too.
-- Peter
Recursion: see Recursion
site:  http://www.eggheadcafe.com
unBlog:  http://petesbloggerama.blogspot.com
BlogMetaFinder:    http://www.blogmetafinder.com

> Hey
>
[quoted text clipped - 15 lines]
>
> Best Regards
Reply to this Message
Jeff - 24 Oct 2007 13:04 GMT
sorry I wasn't clear about this, I mean form. it is an windows application
Reply to this Message
Peter Ritchie [C# MVP] - 24 Oct 2007 16:49 GMT
To a certain extent it's up to the application to implement authorization and
authentication.

You can use code access security (CAS) to limit what a user can do; but
you'll either have to test or use exceptions and catch the
SecurityExceptions.  Plus, if your code is FullTrust some of those CAS
attributes simply won't be tested.

There's a few interfaces that help you implement application-specific
authorization and authentication.  See System.Security.IIdentity and
System.Security.IPrincipal.  If you want to base your authorization on a
Windows login (for which Windows would handle the authentication) then you
can have a look at WindowsIdentity and WindowsPrinicpal.  See also
System.Threading.Thread.CurrentPrincipal.

Signature

Browse http://connect.microsoft.com/VisualStudio/feedback/ and vote.
http://www.peterRitchie.com/blog/
Microsoft MVP, Visual Developer - Visual C#

> Hey
>
[quoted text clipped - 15 lines]
>
> Best Regards
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.