Hello,
I want to support both, windows-domain-user and user/password login in my application.
At the same time. Like it is possible with the login form of the SQL-ManagementStudio.
The user should be able to select between "login using windows credentials" and "login using user/password".
How can such a scenario be implemented using CSLA?
The application has to work in any deployment mode, 1-tier, 2-tier and 3-tier.
Thanks, and best wishes for the coming year,
Alex.
The simplest solution is to look at the ASP.NET Membership/Role provider model and probably add your own MembershipProvider for Windows Authentication and check that the user's credentials are valid and then check roles before granting access to the application.
If you want to configure Windows Authentication as built-in in WCF, that is a whole other story and not an easy path to take. You will need separate endpoints for each authentication mode, and it's hard to configure Windows authentication in N-level config.
Jonny,
I do not really understand what you wrote.
Yes, it seems the WCF thing is complicated and I'll try to avoid it.
But reading your first answer part, I think you wrote about a web solution.
My application is a WPF solution. Maybe there will be more clients using Silverlight, WinRT, ASP or whatever... But that is another story so far.
With 1-tier I meant a (notebook) client, on which the SQL-DB is replicated to and the WPF-Client uses the CSLA local dataportal mode.
This is the configuration for disconnected road-warrior clients, maybe not even part of the windows domain.
On the other side will be a Windows-Domain network in 3-tier mode.
The client runs the WPF UI, which is talking to the CSLA server, which is connected to a dedicated SQL server.
I do not need authentication down to the SQL server, this connection will be the same for all.
There is a user database where I want to store the Domain SID of the user when it is associated with a domain user.
In windows logon, the user does not need to input his password for the application again.
Do you think it will be okay to automatically pass the SID as password in this mode?
The server could look if this SID matches an active user with the given name...
Is there any sample I could look at?
thanks, alex.
The ASP.NET Membership provider is an API that can be used in any .NET application (or serverside).
More info can be found here:
Creating the membership schema in sql server
Using the ASP.NET membership provider in a Windows forms application
Custom Membership Providers
Your updated description seems closer to ProjectTracker, which uses its own Security database for users / authentication.
You could start out from this and add LDAP/AD queries to authenticate user, password and load roles when the user ticks off for Windows Authentication - and use a custom principal object.
I would be very careful about using the user's SID as you describe.
You may also want to check the API against LDAP/AD and remember - a user's roles may change or the user may be deleted or disabled in the domain, or how to handle trust between different domains?
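An added example, not part of the original posts and not CSLA or ProjectTracker code: one way the server-side check for the "login using windows credentials" mode could look in C# with System.DirectoryServices.AccountManagement, re-checking the domain account on every login as the last reply advises. It assumes the hosting layer hands over an already authenticated WindowsIdentity; the class name, method name and the SidToAppUser map (standing in for the user table that stores the domain SID) are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Security.Principal;

public static class WindowsModeLogin
{
    // Hypothetical stand-in for the application's user table: domain SID -> app user name.
    public static readonly Dictionary<string, string> SidToAppUser =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);

    // A SID is an identifier, not a secret: anyone who can read the directory can learn it.
    // So the SID is taken from an identity the OS or the transport has authenticated,
    // never from a string the client sends in the password field.
    public static string[] Login(WindowsIdentity authenticated, out string appUser)
    {
        if (authenticated == null || !authenticated.IsAuthenticated || authenticated.User == null)
            throw new UnauthorizedAccessException("No authenticated Windows identity.");

        string sid = authenticated.User.Value;
        if (!SidToAppUser.TryGetValue(sid, out appUser))
            throw new UnauthorizedAccessException("Domain account is not linked to an application user.");

        // Ask the directory at every login: the account may have been deleted or
        // disabled, and group membership may have changed since the SID was stored.
        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.Sid, sid))
        {
            if (user == null || user.Enabled != true)
                throw new UnauthorizedAccessException("Domain account is missing or disabled.");

            // Roles come from the directory's current answer, not from a cached copy.
            return user.GetAuthorizationGroups()
                       .Select(g => g.SamAccountName)
                       .Where(name => !string.IsNullOrEmpty(name))
                       .ToArray();
        }
    }
}
```

Creating the PrincipalContext throws when no domain controller is reachable, so a disconnected notebook outside the domain cannot complete this path and has to use the user/password mode instead.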
Copyright (c) Marimer LLC