Re: System.Security.Principal.IdentityReference



We are writing a distributed application framework. As with most
applications, we separate into two distinct categories: extranet and
intranet. Regardless of which camp an application resides in, we offer two
options with respect to authentication: (1) native authentication and (2)
custom authentication. Regardless of the chosen scenario, we augment the
principal with security profile information (business "stuff"). To keep the
link between our principal, identity, and security profile we use identity
references.

Therefore, there are four scenarios:

1. Intranet application, native authentication. For this [widely used] case,
we use the native WindowsIdentity "wrapped" with a custom principal.

2. Intranet application, custom authentication. For this case, we use a
custom identity "wrapped" with a custom principal.

3. Extranet application, native authentication. For this case, we use the
native WindowsIdentity "wrapped" with a custom principal. We use protocol
transition and obtain the Kerberos credentials without knowing the user's
password; nice feature.

4. Extranet application, custom authentication. For this case, we use a
custom identity "wrapped" with a custom principal.

For native authentication, we map the identity to a security profile using
one of three options: (1) the NTAccount class, (2) the SecurityIdentifier
class, or (3) the objectId associated with the user within AD. However, for
custom authentication we do not have an option and wanted to define our own
CustomIdentityReference so we can keep our security profile security API
consistent. For example...

ISecurityProfile Get(IdentityReference identityReference);

I'm over-simplifying the issue as we have other APIs that would certainly
benefit from a custom identity reference. However, since the
IdentityReference class defines an internal ctor we are forced to break
apart our API into something less elegant. Why allow for custom IIdentity
implementations but without allowing for custom identity references?

Let me know if you need more clarification.

Kindest Regards,
Michael



"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:O7$DMx7HGHA.1388@xxxxxxxxxxxxxxxxxxxxxxx
>I think it is only supposed to be used with the SecurityIdentifier or
>NTAccount derived classes, but I'm not from MS, so I can't say for sure.
>
> Can you say more about your scenario?
>
> Joe K.
>
> "Michael Primeaux" <mjprimeaux@xxxxxxxxxxxxxx> wrote in message
> news:eIdRcJ7HGHA.596@xxxxxxxxxxxxxxxxxxxxxxx
>>
>> Would someone from Microsoft please explain what scenario required the
>> IdentityReference class in .NET 2.0 to be declared with an internal
>> constructor. I have several use cases that would benefit extensively
>> from a custom identity reference. However, that's not currently possible
>> as the IdentityReference class cannot be inherited.
>>
>> Kindest Regards,
>> Michael Primeaux
>>
>
>
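
One way to keep a single profile-lookup key across native and custom authentication without subclassing IdentityReference, as an added example that is not code from the original post. `ProfileKey`, `FromNative`, `FromCustom` and the scheme labels are hypothetical names, the profile values are constructed, and treating custom user ids as case-insensitive is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical key type: carries either a native IdentityReference or a
// custom-authentication user id, so one lookup API serves both cases.
public sealed class ProfileKey : IEquatable<ProfileKey>
{
    public string Scheme { get; }   // "sid" or "custom" (constructed labels)
    public string Value { get; }

    private ProfileKey(string scheme, string value) { Scheme = scheme; Value = value; }

    // Native authentication: normalise NTAccount or SecurityIdentifier to the
    // SID, which stays stable if the account is later renamed.
    public static ProfileKey FromNative(IdentityReference reference)
    {
        if (reference == null) throw new ArgumentNullException(nameof(reference));
        var sid = (SecurityIdentifier)reference.Translate(typeof(SecurityIdentifier));
        return new ProfileKey("sid", sid.Value);
    }

    // Custom authentication: the caller supplies its own stable user id.
    // Case folding is an assumption about how custom ids compare.
    public static ProfileKey FromCustom(string userId)
    {
        if (string.IsNullOrWhiteSpace(userId))
            throw new ArgumentException("Empty user id.", nameof(userId));
        return new ProfileKey("custom", userId.Trim().ToUpperInvariant());
    }

    // The scheme is part of equality, so a custom id that happens to look
    // like a SID string can never resolve to a native user's profile.
    public bool Equals(ProfileKey other) =>
        other != null && Scheme == other.Scheme && Value == other.Value;
    public override bool Equals(object obj) => Equals(obj as ProfileKey);
    public override int GetHashCode() => (Scheme + "|" + Value).GetHashCode();
    public override string ToString() => Scheme + ":" + Value;
}

public static class Demo
{
    public static void Main()
    {
        // S-1-5-18 is the well-known LocalSystem SID; profile names are constructed.
        var profiles = new Dictionary<ProfileKey, string>();
        profiles[ProfileKey.FromNative(new SecurityIdentifier("S-1-5-18"))] = "system-profile";
        profiles[ProfileKey.FromCustom("alice@example.com")] = "partner-profile";
        Console.WriteLine(profiles[ProfileKey.FromCustom(" Alice@Example.com ")]);
    }
}
```

Passing an NTAccount to `FromNative` performs a name-to-SID lookup against the local machine or domain, so that path needs a resolvable account on Windows.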

