Re: Authenticating users in an n-Tier/layer architecture
From: Joseph Geretz (jgeretz@nospam.com)
Date: 03/20/03
From: "Joseph Geretz" <jgeretz@nospam.com> Date: Thu, 20 Mar 2003 17:55:20 -0500
Hi Chris,
OK, as far as initial authentication goes. However, as far as authorization
for specific request/transactions, it sounds to me like you'll be assuming
the burden of drilling the identifying ticket down through the call stack as
you progress through the tiers. If you develop a method which you assume
will not need any authorization services, and then this method subsequently
calls a server method which needs the ticket, you'll be stuck. Might you
find yourself in one of these following situations?
1. Crafting *every* method in your entire application to pass the ticket.
(Safe, but a bit awkward.)
2. Finding yourself needing to frequently revise method signatures in order
to pass the ticket.
The advantage to the COM+ approach is that the 'ticket', that is the
identity of the original caller, flows naturally throughout the duration of
the request/transaction. It's part of the intrinsic COM+ environment and you
don't need to write explicit code in order to pass it.
Anyway, good luck with whatever approach you adopt.
- Joe Geretz -
"Chris Blanco" <cblancoNOSPAM@necam.com> wrote in message
news:O065nOy7CHA.3332@TK2MSFTNGP11.phx.gbl...
> I did a little more research and came up with a better example. I need to
> provide my users with the ability to either authenticate with a user name
> and encrypted password or with a Windows Domain Controller. Here is an
> article that gave me the idea:
>
> http://www.codeproject.com/aspnet/formsroleauth.asp
>
> Using this example I can control how the user is Authenticated. I will then
> require all calls to pass a User name and AUTH ticket that will be used to
> validate them. It's hard to explain here but, thanks for the help!
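
The trade-off discussed in this message, as an added C# example that is not from either poster: a ticket passed explicitly through each tier beside a caller identity read from the ambient context. `AuthTicket`, `DataTier`, `BusinessTier` and the `Payroll` role are hypothetical names, and `Thread.CurrentPrincipal` is used here as a single-process stand-in for the COM+ call context, which is an assumption of the example.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Threading;

// Hypothetical ticket type for the explicit approach (not a framework class).
sealed class AuthTicket
{
    public readonly string User;
    public readonly string[] Roles;
    public AuthTicket(string user, params string[] roles) { User = user; Roles = roles; }
}
static class DataTier
{
    // Explicit: authorization works only if every caller above forwarded the ticket.
    public static string LoadPayroll(AuthTicket ticket)
    {
        if (ticket == null || Array.IndexOf(ticket.Roles, "Payroll") < 0)
            throw new SecurityException("Payroll role required");
        return "payroll rows for " + ticket.User;
    }
    // Ambient: the caller's identity is read from the execution context.
    public static string LoadPayroll()
    {
        IPrincipal caller = Thread.CurrentPrincipal;
        if (caller == null || !caller.Identity.IsAuthenticated || !caller.IsInRole("Payroll"))
            throw new SecurityException("Payroll role required");
        return "payroll rows for " + caller.Identity.Name;
    }
}
static class BusinessTier
{
    // Takes a ticket it never inspects, only to forward it down a tier.
    public static string BuildReport(AuthTicket ticket) { return DataTier.LoadPayroll(ticket); }
    // No identity parameter: the signature survives a callee adding an authorization check.
    public static string BuildReport() { return DataTier.LoadPayroll(); }
}
static class Program
{
    static void Main()
    {
        Console.WriteLine(BusinessTier.BuildReport(new AuthTicket("alice", "Payroll")));
        // Set once at the entry point, after authentication (constructed sample users).
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("alice"), new[] { "Payroll" });
        Console.WriteLine(BusinessTier.BuildReport());
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("bob"), new string[0]);
        try { BusinessTier.BuildReport(); }
        catch (SecurityException e) { Console.WriteLine("bob denied: " + e.Message); }
    }
}
```

In the ambient variant the authorization check lives in the data tier and the business tier's signature never mentions identity, so adding a check lower in the stack does not force a change to the callers above it.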