Custom Windows Authentication Principal?

Discussion in 'ASP .Net Security' started by Eric Wise, Feb 10, 2004.

  1. Eric Wise

    Eric Wise Guest

    OK, here's the situation: I have several intranet applications at this
    company that use Windows authentication.

    Now when people open the application I can use the user.identity.name to
    grab their username. I then use this to query a database that has security
    settings for the applications.

    What I would like to do is have my own custom user token that I could add
    additional fields to (like user.identity.userid, user.identity.departmentid,
    user.identity.emailaddress) so I wouldn't have to query the database every
    time I want to view them and I don't have to worry about managing session
    variables.

    Now I've written some code I think will work, but the problem is I can't
    figure out how to access the custom information once someone logs in. If
    someone could review the code and help me with the last step (or inform me
    that I'm barking up the wrong tree) I'd really appreciate it.

    Here's the class I created:

    Imports System.Security.Principal

    ' Custom principal carrying per-user application data.
    Public Class BenetUser
        Implements IPrincipal

        Private m_Roles() As String
        Private m_Id As MyIdentity
        Private m_CCID As Integer
        Private m_Email As String
        Private m_UserName As String

        ' Case-insensitive match against the roles passed to the constructor.
        Public Overridable Overloads Function IsInRole(ByVal role As String) As Boolean _
            Implements IPrincipal.IsInRole
            Dim r As String
            For Each r In m_Roles
                If String.Compare(role, r, True) = 0 Then
                    Return True
                End If
            Next
            Return False
        End Function

        Public Overridable Overloads ReadOnly Property Identity() As IIdentity _
            Implements IPrincipal.Identity
            Get
                Return m_Id
            End Get
        End Property

        Public ReadOnly Property UserName() As String
            Get
                Return m_UserName
            End Get
        End Property

        Public ReadOnly Property Id() As Integer
            Get
                Return m_Id.Id
            End Get
        End Property

        Public ReadOnly Property CCID() As Integer
            Get
                Return m_CCID
            End Get
        End Property

        Public ReadOnly Property Email() As String
            Get
                Return m_Email
            End Get
        End Property

        Public Sub New(ByVal roles() As String, ByVal intId As Integer, _
                       ByVal intCCID As Integer, ByVal strEmail As String, _
                       ByVal strUserName As String)
            m_Roles = roles
            m_Id = New MyIdentity(intId)
            m_CCID = intCCID
            m_Email = strEmail
            m_UserName = strUserName
        End Sub

        ' Identity wrapper around the numeric user id.
        Private Class MyIdentity
            Implements IIdentity

            Private m_Id As Integer

            Public Overridable Overloads ReadOnly Property IsAuthenticated() As Boolean _
                Implements IIdentity.IsAuthenticated
                Get
                    Return True
                End Get
            End Property

            Public Overridable Overloads ReadOnly Property Name() As String _
                Implements IIdentity.Name
                Get
                    Return m_Id.ToString()
                End Get
            End Property

            Public Overridable Overloads ReadOnly Property AuthenticationType() As String _
                Implements IIdentity.AuthenticationType
                Get
                    Return "Windows"
                End Get
            End Property

            Friend ReadOnly Property Id() As Integer
                Get
                    Return m_Id
                End Get
            End Property

            Public Sub New(ByVal id As Integer)
                m_Id = id
            End Sub
        End Class
    End Class



    Then in my global.asax file I put the following code:

    Public Sub WindowsAuthentication_OnAuthenticate(ByVal sender As Object, _
            ByVal e As System.Web.Security.WindowsAuthenticationEventArgs)
        If e.Identity.IsAuthenticated Then
            Dim id As System.Security.Principal.WindowsIdentity = e.Identity
            Dim userName As String = id.Name

            ' Strip the domain prefix, then load the user's settings.
            Dim myUser As New BPWUser(Replace(userName, "OSTNET1\", ""))
            Dim allRoles As String = myUser.Roles
            Dim roles() As String = Split(allRoles, "|")

            ' Replace the default principal with the custom one for this request.
            e.User = New BenetUser(roles, myUser.ResourceID, _
                myUser.CostCenterID, myUser.EmailName, myUser.UserName)
        End If
    End Sub
     
    Eric Wise, Feb 10, 2004
    #1

  2. Did you consider inheriting from WindowsIdentity (or WindowsPrincipal) to add
    your custom functionality instead of reimplementing? Getting all the
    WindowsIdentity token-based stuff correct seems like it would be quite a
    pain. A lot of that is written in C++ instead of C# in the MS
    implementation.

    I've sub-classed WindowsPrincipal before and added a whole bunch of
    additional properties and it worked well for me.

    Joe K.
     
    Joe Kaplan \(MVP - ADSI\), Feb 10, 2004
    #2