NT Groups and Security...

Old forum URL: forums.lhotka.net/forums/t/6617.aspx


vbkevin posted on Tuesday, March 17, 2009

I have read through several articles and most of the book.  I am working on a Windows app that will use csla.net 3.6.  I would like to use NT Groups to dictate within the app what the user can and cannot do.  By doing this I should be able to completely bypass the Security DB.  So far I am not seeing this built into the application, or am I missing something?  Thanks.

This is done within the app before the call.
   AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);


I would like to be able to do this... where "S-App-COFSNonMon" is an NT group that the current user is a member of. But... when I do this the logged-in user gets a pass, whether the user is a member of that group or not.

        Csla.Security.AuthorizationRules.AllowGet(typeof(NonMonItems), "S-APP-COFSNonMon");

JoeFallon1 replied on Tuesday, March 17, 2009

I think that if you want to use Windows Security you have to use the Principal "as is".

If you want to do anything else then you should use a custom Principal. Maybe you can fetch the Windows Principal and extract some information from it to load your custom Principal.

Or you can write code to query the data store directly. Bottom line - you need to load the right set of roles and permissions for a given user and there are various ways you can accomplish that task.

Joe

vbkevin replied on Wednesday, March 18, 2009

Thank you for your help... that is exactly what I did.  I modified PTPrincipal and PTIdentity to hit AD to get the groups for the current user and gather user info... worked well. No DB interaction. Thanks.  Happy to share code if anyone is looking for this.
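
Added example, not code from this thread or from CSLA: one way to build a principal whose roles are the Windows/AD groups in the user's logon token, using only `System.Security.Principal`. The class name `WindowsGroupPrincipal` and the domain `CONTOSO` are assumptions; in a CSLA application the resulting principal would be assigned where the custom principal is normally set.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Threading;

// Hypothetical class: roles are the domain-qualified groups of the logon token.
public sealed class WindowsGroupPrincipal : IPrincipal
{
    private readonly HashSet<string> _roles =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase);

    public IIdentity Identity { get; private set; }

    public WindowsGroupPrincipal(WindowsIdentity identity)
    {
        if (identity == null) throw new ArgumentNullException("identity");
        Identity = identity;
        if (identity.Groups == null) return;   // token carries no group SIDs

        foreach (IdentityReference sid in identity.Groups)
        {
            try
            {
                // Translate each SID separately so one unmappable SID
                // (deleted group, unreachable domain) does not drop the rest.
                // Only the qualified "DOMAIN\Group" form is stored: a bare
                // group name is ambiguous across domains and local groups.
                _roles.Add(sid.Translate(typeof(NTAccount)).Value);
            }
            catch (IdentityNotMappedException) { /* unresolved SID grants nothing */ }
        }
    }

    // Deny by default: an empty, null or unknown role name is never a match.
    public bool IsInRole(string role)
    {
        return !string.IsNullOrEmpty(role) && _roles.Contains(role);
    }
}

public static class Demo
{
    public static void Main()
    {
        var principal = new WindowsGroupPrincipal(WindowsIdentity.GetCurrent());
        Thread.CurrentPrincipal = principal;
        // CONTOSO is a constructed placeholder domain; the group name is the thread's.
        Console.WriteLine(principal.IsInRole(@"CONTOSO\S-APP-COFSNonMon"));
    }
}
```
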

whelzer replied on Wednesday, March 18, 2009

Kevin,

I'd be interested in the code,  we currently use a custom principal but a forthcoming project may need to hook into AD groups.

Thanks

Paul

JoeFallon1 replied on Thursday, March 19, 2009

I would like to see the code to fetch AD roles too. Just out of curiosity.

Joe

JohnB replied on Thursday, March 19, 2009

Everyone,

I decided to put something together to share. This is a very simple demo done in VB with CSLA 3.0.4.

It's ready to go for anyone who needs it. If you have any questions I'll be happy to help if I can.

Oh yeah, and VS 2008.

John

Sorry, when edited it dropped the attachment. It's back.

JoeFallon1 replied on Friday, March 20, 2009

Thanks.

Very interesting.

Note: downloaders need to re-reference Csla.dll before compiling.

Joe

Copyright (c) Marimer LLC