Re: User Authentication, Active Directory and more (help)

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 06/17/04

    Date: Thu, 17 Jun 2004 10:22:25 -0500
    
    

    Yes, .NET can make use of any Windows account (local machine, NT4 domain or
    AD) for authentication and authorization.

    The built-in support for this is in the WindowsIdentity and WindowsPrincipal
    classes. WindowsIdentity represents the Windows user and is basically a
    wrapper around the Windows login token. WindowsPrincipal contains a
    WindowsIdentity and provides the ability to do role-based authorization
    against a user's Windows groups by calling the IsInRole method with the
    Windows group name. You can get the current WindowsIdentity at any time by
    calling WindowsIdentity.GetCurrent().

    The WindowsPrincipal class can be associated automatically with the
    currently executing thread as well. The mechanism for doing this is
    different depending on whether it is an ASP.NET or WinForms/Console app.
    This association allows you to take advantage of the
    PrincipalPermissionAttribute for doing declarative security in .NET. There
    is quite a bit of explanation of this stuff that you can find in MSDN if you
    need specifics, or you can ask here.

    Joe K.

    "Timothy Parez" <tpsoftware@users.sourceforge.net> wrote in message
    news:X6CdnTDpUNfLs0zdRVn-jA@scarlet.biz...
    > Hi,
    >
    > Can a .NET application make use of the information within the Active
    > Directory in order to Authenticate and Authorize users?
    >
    > For example, users from a specific group have been authorized to use a
    > number of features in the application while users from another group
    > have not.
    >
    > I know there is something called Code Access Security, but there seem to
    > be classes for the Active Directory Services and classes for something
    > called Windows Principal.
    >
    > I wonder if someone could get me started with this.
    >
    > Another thing is, can devices running the Compact Framework
    > be authenticated and authorized in the same way (since they don't have a
    > user logged on)? Can they be a valid member of a domain?
    >
    >
    > Thnx.
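
The imperative and declarative group checks described in the reply above, as an added example that is not part of the original thread. It assumes a .NET Framework console application; the group name `CONTOSO\ReportUsers` and the `RunReport` method are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;

static class Program
{
    // Hypothetical group name: replace with a real DOMAIN\Group from your directory.
    const string ReportUsers = @"CONTOSO\ReportUsers";

    // Declarative check: the runtime demands this role against
    // Thread.CurrentPrincipal before the method body executes.
    [PrincipalPermission(SecurityAction.Demand, Role = ReportUsers)]
    static void RunReport()
    {
        Console.WriteLine("Report generated.");
    }

    static void Main()
    {
        // Console/WinForms: ask the runtime to attach a WindowsPrincipal for the
        // process's Windows account to each thread. Without this call,
        // Thread.CurrentPrincipal is not a WindowsPrincipal and the
        // declarative demand on RunReport fails.
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);

        // Imperative check: wrap the current logon token and query its groups.
        WindowsIdentity identity = WindowsIdentity.GetCurrent();
        WindowsPrincipal principal = new WindowsPrincipal(identity);
        Console.WriteLine("User: {0} (auth type: {1})",
            identity.Name, identity.AuthenticationType);
        Console.WriteLine("In BUILTIN\\Users: {0}",
            principal.IsInRole(WindowsBuiltInRole.User));
        Console.WriteLine("In {0}: {1}", ReportUsers, principal.IsInRole(ReportUsers));

        try
        {
            RunReport();
        }
        catch (SecurityException)
        {
            // The demand failed: deny the feature rather than falling through.
            Console.WriteLine("Access denied: {0} is not in {1}.",
                identity.Name, ReportUsers);
        }
    }
}
```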

