Re: Authenticating users in an n-Tier/layer architecture
From: Chris Blanco (cblancoNOSPAM@necam.com)
Date: 03/21/03
From: "Chris Blanco" <cblancoNOSPAM@necam.com> Date: Fri, 21 Mar 2003 09:42:10 -0500
The main problem I have with COM+ is that the main service for my APP is
legacy code and not designed to be COM compliant, which is throwing a kink
in the whole operation. The service is VERY LARGE and CANNOT be converted to
managed code within the time frame we have. Currently we communicate with
the unmanaged code with XML over a TCP/IP transport service we created. This
is where the security problems kick in.
"Joseph Geretz" <jgeretz@nospam.com> wrote in message
news:#tE7NNz7CHA.2196@TK2MSFTNGP12.phx.gbl...
> Hi Chris,
>
> OK, as far as initial authentication goes. However, as far as authorization
> for specific request/transactions, it sounds to me like you'll be assuming
> the burden of drilling the identifying ticket down through the call stack as
> you progress through the tiers. If you develop a method which you assume
> will not need any authorization services, and then this method subsequently
> calls a server method which needs the ticket, you'll be stuck. Might you
> find yourself in one of these following situations?
>
> 1. Crafting *every* method in your entire application to pass the ticket.
> (Safe, but a bit awkward.)
>
> 2. Finding yourself needing to frequently revise method signatures in order
> to pass the ticket.
>
> The advantage to the COM+ approach is that the 'ticket', that is the
> identity of the original caller, flows naturally throughout the duration of
> the request/transaction. It's part of the intrinsic COM+ environment and you
> don't need to write explicit code in order to pass it.
>
> Anyway, good luck with whatever approach you adopt.
>
> - Joe Geretz -
>
> "Chris Blanco" <cblancoNOSPAM@necam.com> wrote in message
> news:O065nOy7CHA.3332@TK2MSFTNGP11.phx.gbl...
> > I did a little more research and came up with a better example. I need to
> > provide my users with the ability to either authenticate with a user name
> > and encrypted password or with a Windows Domain Controller. Here is an
> > article that gave me the idea:
> >
> > http://www.codeproject.com/aspnet/formsroleauth.asp
> >
> > Using this example I can control how the user is Authenticated. I will then
> > require all calls to pass a User name and AUTH ticket that will be used to
> > validate them. It's hard to explain here but, thanks for the help!
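The trade-off discussed in this thread, as an added example that is not part of either poster's message: a user name plus signed ticket is validated once where a call enters a tier, and the identity is then published in a per-request context so inner methods need no ticket parameter. The ticket format (`user|expiry` plus HMAC-SHA256), the key and all function names are assumptions made for illustration, and Python's `contextvars` stands in for the ambient caller context that COM+ provides.

```python
import base64, contextvars, hashlib, hmac, time

# Constructed demo key (assumption); each tier would load the real secret from protected storage.
SECRET = b"constructed-demo-key-not-for-production"
# Ambient identity of the current request (hypothetical stand-in for COM+ caller context).
current_user = contextvars.ContextVar("current_user")

def sign(payload):
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest().encode()

def issue_ticket(user, ttl=300, now=None):
    """Issued once, after the user has authenticated by password or domain logon."""
    expires = int((time.time() if now is None else now) + ttl)
    payload = f"{user}|{expires}".encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + sign(payload).decode()

def validate_ticket(user, ticket, now=None):
    """Run by the receiving tier on every call, before any work is done."""
    try:
        body, sig = ticket.split(".", 1)
        payload = base64.urlsafe_b64decode(body.encode())
        t_user, t_exp = payload.decode().rsplit("|", 1)
        expires = int(t_exp)
    except ValueError:  # malformed ticket, bad base64, bad UTF-8 or bad expiry
        return False
    # Constant-time comparison so the check does not leak how much of the MAC matched.
    if not hmac.compare_digest(sig.encode(), sign(payload)):
        return False
    # The ticket must belong to the claimed user and must not have expired.
    return t_user == user and expires > (time.time() if now is None else now)

def handle_request(user, ticket, operation, now=None):
    """Tier entry point: validate once, then expose the identity ambiently."""
    if not validate_ticket(user, ticket, now):
        raise PermissionError("invalid or expired ticket")
    token = current_user.set(user)
    try:
        return operation()
    finally:
        current_user.reset(token)  # never leak identity into the next request

def inner_method():
    # No ticket in the signature: a deep call reads the caller from the context.
    return f"report for {current_user.get()}"
```
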