Re: GenericPrincipal

Right, but what I'm saying is that all of the other frameworks for doing
this have code to authenticate the user, recreate the principal and perform
authorization on each request and so must your code. If you need to save
your roles in between executions to avoid a round trip to the db to look
them up again, then you need to persist them in cache, session or in a
secure cookie and regenerate them that way.

People usually use the membership providers so they don't have to write all
that code.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Erick" <josefszeliga@xxxxxxxxxxx> wrote in message
news:1189382631.010209.256770@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
The genericprincipal is there to use for when you don't want to use
forms or windows authtentication. I want to create a single
genericprincipal object for windows authtenticated users within our
domain and for users comming in through our internet.

Once I have a principal object I can then add roles to the principal
object and use that to authorize my users through the rest of the
application. I only want to get their roles once at the start of their
session. Then use that for authorization throughout the application

Like this
If my.user.isinrole("administrator") then
....
...
end if

If i use forms authentication for those comming in from the outside I
can use the code above but for users within our domain i would need to
write something like this to handle nt security groups

If my.user.isinrole("OurDomain\ag myapplication administratorsgourp")
then
...
,,
end if

The code shouldn't really care that my administator is external or
internal ..once authenticated the authorization should be the same.

So i want to convert both forms and windows into generic. Then use
the one type of syntax throughout. My issue is that the principal
object should apply for the entire users session. It makes no sense
to have to authorize and authenticate some one on each request. Just
once per session is required.



.

Relevant Pages

  • Re: AuthorizationStoreRoleProvider Issues
    ... authenticate fine but no one is now able to enter the application. ... I have my roles configured through azMan and they are mapping to the ... enhancements as far as roles based and authorization based security. ... Tim belongs to the DCO_User group, while TestMan does not belong to ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Problem with IIS and Group Premissions.
    ... "not authenticate" is a 401.1 error and "not authorized" ... > Authorization means that the Windows account you are using has appropriate ... > restricted area of the website. ...
    (microsoft.public.inetserver.iis)
  • Help With Security Please
    ... and I am wondering how I shoudl handle security. ... first inclination is to use the Web.config and use Authorization to ... here connect to Active Directory and authenticate the users that way, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Client/server application and Windows Integrated Auth
    ... Why not let the datastore authenticate the user and do the authorization ... There is only a client application than ...
    (microsoft.public.dotnet.framework.windowsforms)
  • Re: Client/server application and Windows Integrated Auth
    ... Why not let the datastore authenticate the user and do the authorization ... There is only a client application than ...
    (microsoft.public.platformsdk.security)