Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / Security / September 2006

Tip: Looking for answers? Try searching our database.

Security Windows Application and Web application

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Lammert - 20 Sep 2006 21:32 GMT
Hi everyone,

I create a windows application and a web application (.NET 2.0). The
windows and web application uses the same Business Logic Layer and Data
Access Layer. How can I secure the windows and web application with the
same code?

Some specifactions:
1. Many users.
2. Many roles.
3. Users can have roles.
4. Some users use Windows authentication and other users a normal
username and password (is this possible?) Maybe there are other
possibilities?
5. The Windows application is also a client application (it works with
.NET Remoting).

What is the best solution? Thanks in advance......
Reply to this Message
Joseph Bittman MVP MCSD - 24 Sep 2006 04:12 GMT
Sept. 23, 2006

That isn't exactly easy nor perfectly "sharable" between those
applications.

The closest you could probably get, is to have the Web application be Forms
Authentication... which then means no windows authentication, which means
each user will have to provide a username and password, which you need to
maintain in a secure database.... you could then use the same code to query
the DB and see if the user is authenticated/authorized to logon, which could
be used in both the windows/web applications.... however, just make sure the
communication channels are secure for this information. The web application
would require the user sending the username/password over the internet (or
intranet), which means you'd need something like SSL to protect it from
someone sniffing the wire.

Although the abstraction of the Biz/Data layer is pretty good at being
re-usable between applications..... when you get to security - there are
un-avoidable differences between application types... and require each
unique thought and coding.

I hope this helps lead you in the right direction...

Signature

                      Joseph Bittman
    Microsoft Certified Solution Developer
Microsoft Most Valuable Professional -- DPM

Blog/Web Site: http://CactiDevelopers.ResDev.Net/

> Hi everyone,
>
[quoted text clipped - 14 lines]
>
> What is the best solution? Thanks in advance......
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.