Custom Role Based Security

Discussion in 'ASP .Net' started by Boris Condarco, Nov 28, 2003.

  1. Hi gurus,

    I was reading some documentation about security in .NET Framework, it
    mention that it is possible to make custom Role Based security for example:
    check the authentication with Windows Integrated and once do that, create a
    Generic Identity in orde to create a Generic Principal with custom roles for
    that user. Finally, replace the current Principal to the new Generic
    Principal.

    Is it possible to do this in an ASP.NET application?, If yes, Does someone
    of you can share a little code?, i would really apreciate it... :)

    Thanks in advance.

    Boris.
    Boris Condarco, Nov 28, 2003
    #1
    1. Advertising

  2. Look at
    "Designing Application-Managed Authorization"
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/damaz.asp


    Basically set the HttpContext.Current.User to you own IPrincipal
    implementation in Global.asax Application_AuthenticateRequest method.

    /Michel

    Boris Condarco wrote:
    > Hi gurus,
    >
    > I was reading some documentation about security in .NET Framework, it
    > mention that it is possible to make custom Role Based security for example:
    > check the authentication with Windows Integrated and once do that, create a
    > Generic Identity in orde to create a Generic Principal with custom roles for
    > that user. Finally, replace the current Principal to the new Generic
    > Principal.
    >
    > Is it possible to do this in an ASP.NET application?, If yes, Does someone
    > of you can share a little code?, i would really apreciate it... :)
    >
    > Thanks in advance.
    >
    > Boris.
    >
    >
    =?ISO-8859-1?Q?Michel_Andr=E9?=, Nov 28, 2003
    #2
    1. Advertising

  3. Boris Condarco

    Tommy Guest

    You can definitely perform impersonation in ASP.NET. There are a few
    ways to do it. Which approach fits you depends on what level of
    security you need.

    1. Turn on "Basic authentication" on your virtual directory through
    IIS.
    Turn on impersonation in your ASP.NET web application through
    Web.Config.

    2. Use a mix of .NET Framework and Windows API to authenticate the
    user's
    identity.
    Use a mix of .NET Framework and Windows API to check if the user
    has
    authorization to the resource.

    3. Combine "Basic Authentication", a custom ISAPI filter, and Active
    Directory
    to authenticate and authorize user's access to resources.

    Option #1 requires no code in your part, but it is the least security
    approach.

    Option #2 requires requires coding with the .NET Framework and Windows
    API, but is not too bad. The ASP.NET newsgroup will have plenty of
    examples code sample.

    Option #3 is the most secure approach among all the options. However,
    It requires a lot of coding, especially with the ISAPI filter sinces
    it needs to be written in C++.

    Tommy,

    "Boris Condarco" <> wrote in message news:<>...
    > Hi gurus,
    >
    > I was reading some documentation about security in .NET Framework, it
    > mention that it is possible to make custom Role Based security for example:
    > check the authentication with Windows Integrated and once do that, create a
    > Generic Identity in orde to create a Generic Principal with custom roles for
    > that user. Finally, replace the current Principal to the new Generic
    > Principal.
    >
    > Is it possible to do this in an ASP.NET application?, If yes, Does someone
    > of you can share a little code?, i would really apreciate it... :)
    >
    > Thanks in advance.
    >
    > Boris.
    Tommy, Nov 28, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jesper Stocholm
    Replies:
    2
    Views:
    8,069
    John Saunders
    Aug 23, 2003
  2. Liet Kynes
    Replies:
    0
    Views:
    474
    Liet Kynes
    Nov 26, 2003
  3. sean

    Role Based Security

    sean, May 27, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    344
    Steve C. Orr [MVP, MCSD]
    May 27, 2004
  4. Scott Natwick

    Role-based security

    Scott Natwick, Oct 22, 2004, in forum: ASP .Net
    Replies:
    6
    Views:
    389
    Scott Natwick
    Oct 24, 2004
  5. Kursat
    Replies:
    1
    Views:
    299
    Dominick Baier
    May 7, 2007
Loading...

Share This Page