WPF - Windows Authentication

Old forum URL: forums.lhotka.net/forums/t/12031.aspx


cconte posted on Friday, June 21, 2013

Hi everyone,

I have recently re-read the excellent ebook « using Csla4-04-Dataportal », focusing on Windows Authentication. Actually, I'm trying to implement authentication for a 3-tier WPF application relying on Active Directory identity.

In my case, the user and client workstation are not on the AD domain, so I'm looking for a way where the user can specify a Windows AD account (for example by typing: domain, username and password) which will then be checked on the server side.

In the samples provided with the ebooks, the "windows authentication solution" seems good, but is it possible to create our own WindowsPrincipal?

I mean, to do something like this:

      System.AppDomain.CurrentDomain.SetPrincipalPolicy(
        new MyOwnWindowsPrincipal("domain", "UserName", "Password"));

instead of

      System.AppDomain.CurrentDomain.SetPrincipalPolicy(
        System.Security.Principal.PrincipalPolicy.WindowsPrincipal);

Or should I use Custom Authentication and base my development on the "Custom authentication solution"?


Thanks in advance for your help.

 

Cedric

RockfordLhotka replied on Friday, June 21, 2013

You can't create a Windows principal that actually carries real Windows AD info on the client, but you can create a custom principal that brings the list of roles/groups back to the client.

In the book I show how to do this with Silverlight, but the same technique works on WPF or any smart client scenario. You need to have your DataPortal_Fetch method for the identity object run on the server (in the domain) and load itself with the user's domain groups. The object that returns to the client is a custom principal, but at least it has the user's domain username and groups.

If you want to implement _impersonation_ on the server, that's harder. To do that you'll need the user to provide you with their domain password. Then on the server you can make a pretty simple call to a method on WindowsPrincipal (or WindowsIdentity?) to impersonate the user based on their username/password.

Obviously if you are ferrying the user's password around you'll want to encrypt it.
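
The server-side step described in the reply above, as an added C# example (not code from the thread, the ebook or CSLA): it validates the supplied domain credentials with System.DirectoryServices.AccountManagement and returns the user's name and groups, which a custom identity's DataPortal_Fetch could load into itself. `DomainLoginResult` and `DomainAuthenticator` are hypothetical names, and the code assumes the server is a domain member with a reference to System.DirectoryServices.AccountManagement.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;

// Hypothetical DTO: the name and roles a custom identity carries back to the client.
[Serializable]
public sealed class DomainLoginResult
{
    public bool IsAuthenticated { get; set; }
    public string Name { get; set; } = "";
    public List<string> Roles { get; set; } = new List<string>();
}

public static class DomainAuthenticator
{
    // Runs on the server. The password is used for the bind only; it is never stored, logged or returned.
    public static DomainLoginResult Authenticate(string domain, string userName, string password)
    {
        var denied = new DomainLoginResult();   // unauthenticated, no roles
        if (string.IsNullOrWhiteSpace(domain) || string.IsNullOrWhiteSpace(userName) ||
            string.IsNullOrEmpty(password))
            return denied;                      // never attempt a bind with empty input
        try
        {
            using (var ctx = new PrincipalContext(ContextType.Domain, domain))
            {
                // Negotiate authenticates with Kerberos or NTLM instead of a simple bind.
                if (!ctx.ValidateCredentials(userName, password, ContextOptions.Negotiate))
                    return denied;
                using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName))
                {
                    if (user == null || user.Enabled == false)
                        return denied;
                    return new DomainLoginResult
                    {
                        IsAuthenticated = true,
                        Name = domain + "\\" + user.SamAccountName,
                        // Security groups of the user, nested membership included.
                        Roles = user.GetAuthorizationGroups()
                                    .Where(g => g != null && g.SamAccountName != null)
                                    .Select(g => g.SamAccountName).ToList()
                    };
                }
            }
        }
        catch (PrincipalException) { return denied; }   // directory errors fail closed
    }
}
```

The client-to-server call that carries the password still needs transport encryption, as the reply notes; only the name and role list travel back.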

cconte replied on Monday, June 24, 2013

Thanks a lot Rocky for your enlightenment.

I'll take your advice, and I'm starting to look at Windows authentication using the Silverlight technique.

Copyright (c) Marimer LLC