
Windows versus Application Security

WhiskyRomeo - 20 Jul 2006 15:50 GMT
I have a client that wants me to set up security for a Windows .NET
application using SQL Server 2000 as the DBMS.  Currently we use the built-in
Windows security to define login and access to the database.

The problem is that there is a lot of turnover and users work at multiple XP
workstations.  So everyone logs in under a common user name and password.

Creating, managing and removing Windows domain accounts are not the problem.
The problem is that every time a new user logs on to an XP workstation, that
user's folder structure is created on that machine.  So, even though
individual Windows accounts are manageable, having to go through each
workstation and clear out the users' folders when they leave is not manageable
-- not to mention the waste of disk space.

Is there a way to prevent XP from creating the individual user's folder
structure for each user?

If I must create an application login system, what is the best way to do
this?  That is, how do I pass the identity of the user from one form to
another?

WR

Patrice - 20 Jul 2006 16:20 GMT
Another option could be to use roaming profiles
http://support.microsoft.com/kb/243420/en-us allowing the profile to be
always available and allowing deletion server side...
Looks more like a question for an admin group...

I'm not sure for the other part what you are trying to do? Do you have a
SQL Server 2000 application that doesn't relate to this or do you mean you
could have to create one to work around this profile issue?

Patrice

WhiskyRomeo - 20 Jul 2006 16:40 GMT
Actually the only purpose of this is to capture who does what in the
application.  There are already various status tables that capture who does
what but is based on the Windows login right which does not identify the
actual individual.  For example:

When an order is placed, an entry is made into the OrderStatus table which
contains the Order_ID, Status (in this case -- Placed), date, and user
identification.

We most likely will continue to use their built-in Windows identity to
control access to the database.  So when Willy Wonka logs in to his
workstation he logs in as PCUser.  But when he opens the application, he must
log in as Willy Wonka and that identity must be passed around for the purpose
of recording entries in these status tables.

WR

Patrice - 20 Jul 2006 17:19 GMT
It would be then some kind of applicative authorization.

So you would just have a login entry form that checks the user likely from an
account list stored in the DB. This identity is kept global in the Windows
application and is passed to the server as needed (where it can be recorded
or matched with the account list).

As a side note I'm afraid it could suffer from the same problem (if they
already pass their credentials along to peers for Windows, why not for a
custom application as they'll have anyway also to manage accounts inside
the application, and it seems they don't want to bother doing this for
Windows).

Good luck.

Patrice

WhiskyRomeo - 20 Jul 2006 18:02 GMT
You are correct.  The question is how to maintain this globally in a Windows
application.  I know how to do this in a Web application using a Session
variable.

What is the equivalent in a Windows Application?

wR

Patrice - 20 Jul 2006 19:13 GMT
You don't have this kind of problem in a Windows application as the
application is always alive. You can easily keep whatever values you want in
static/shared members of a class.

http://msdn.microsoft.com/msdnmag/issues/05/04/Security/ goes far beyond and
is perhaps a bit overkill but reading it may raise a few ideas (basically the
idea is to use the ASP.NET 2.0 security architecture from your Windows
application).

Patrice

WhiskyRomeo - 20 Jul 2006 20:51 GMT
Yep, that is what I did.

I created this simple class:

Public Class User
    ' Shared (static) field: one value for the whole application, visible from every form.
    Shared m_UserName As String

    Public Property UserName() As String
        Get
            Return m_UserName
        End Get
        Set(ByVal Value As String)
            m_UserName = Value
        End Set
    End Property

    ' Returns the stored user name; sUser and sPassword are not checked here.
    Public Function GetUserName(ByVal sUser As String, ByVal sPassword As String) As String
        Return Me.UserName
    End Function
End Class

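
An added example, not part of any post in this thread: one way to hold the application-level identity discussed above so that forms can read it but only a successful credential check can set it. The names AppSession, AddAccount, Login and Demo are hypothetical, the in-memory account list is a constructed stand-in for the list kept in the database, and the PBKDF2-SHA256 constructor assumes .NET Framework 4.7.2 or later.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Security.Cryptography

Public NotInheritable Class AppSession
    Private Shared m_UserName As String = Nothing
    ' Added example (hypothetical names). Constructed stand-in for the DB account list: user -> (salt, hash).
    Private Shared ReadOnly Accounts As New Dictionary(Of String, KeyValuePair(Of Byte(), Byte()))
    ' Read-only for forms: only a successful Login can set the identity.
    Public Shared ReadOnly Property UserName() As String
        Get
            Return m_UserName
        End Get
    End Property

    Public Shared Sub AddAccount(ByVal user As String, ByVal password As String)
        Dim salt(15) As Byte ' 16 random bytes per account
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(salt)
        End Using
        Accounts(user) = New KeyValuePair(Of Byte(), Byte())(salt, Derive(password, salt))
    End Sub

    Public Shared Function Login(ByVal user As String, ByVal password As String) As Boolean
        m_UserName = Nothing ' a failed attempt never leaves the previous user signed in
        Dim entry As KeyValuePair(Of Byte(), Byte()) = Nothing
        If Not Accounts.TryGetValue(user, entry) Then Return False
        Dim candidate As Byte() = Derive(password, entry.Key)
        Dim diff As Integer = 0
        For i As Integer = 0 To candidate.Length - 1 ' compare without early exit
            diff = diff Or (candidate(i) Xor entry.Value(i))
        Next
        If diff = 0 Then m_UserName = user
        Return diff = 0
    End Function

    Private Shared Function Derive(ByVal password As String, ByVal salt As Byte()) As Byte()
        Using kdf As New Rfc2898DeriveBytes(password, salt, 100000, HashAlgorithmName.SHA256)
            Return kdf.GetBytes(32)
        End Using
    End Function
End Class

Module Demo
    Sub Main()
        AppSession.AddAccount("Willy Wonka", "constructed-sample-password")
        Console.WriteLine(AppSession.Login("Willy Wonka", "wrong guess"))
        Console.WriteLine(AppSession.Login("Willy Wonka", "constructed-sample-password"))
        Console.WriteLine(AppSession.UserName) ' value to record as the OrderStatus user identification
    End Sub
End Module
```

In a Windows Forms project the login form would call AppSession.Login in place of the Demo module, and the code that writes an OrderStatus row would read AppSession.UserName for the user identification column.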
