You'll have to write a different login form to do what you want. You'll want to get the user's Windows credentials, and then you'll need to authenticate them with Windows itself - and there are APIs in .NET to do this (though I don't know them off the top of my head).
You will still want CSLA to use Windows auth - you just need to change your UI to keep track of whether it has re-authenticated the user (because Windows already did the authentication, and so the principal object is already set and correct).
My authentication model is a hybrid. I want the users to log in to my application with their Windows user credentials even though they are already authenticated, but then use the internal roles in my SQL Server database.
I have added the .NET routine which re-authenticates the user against an LDAP server into my login form, which is cloned from the PTracker app.
Now I need to determine a way to graft my database roles onto the Identity object since I will be using Windows authentication minus any Windows roles. My WinForms app can continue to use the SecurityDataset from PTracker if I remove the userid.
Any advice on how to best graft the roles is much appreciated.
I'm still trying to figure out how to best graft the application level roles onto the Windows Identity object, but in the meantime I thought I'd share the piece I used to do the LDAP authentication. In my login form I added the following:
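
    ' Re-Authenticate this user with Active Directory
    Dim LDAPDomain As String = My.Settings.LDAPDomain
    If ValidateActiveDirectoryLogin(LDAPDomain, Me.txtUsername.Text, Me.txtPassword.Text) Then
        GetCurrentUser()
        Me.DialogResult = System.Windows.Forms.DialogResult.OK
        Me.Close()
    Else
        MessageBox.Show("The system cannot log you on. Make sure your username and password are correct.")
    End If

    Private Function ValidateActiveDirectoryLogin(ByVal Domain As String, ByVal Username As String, ByVal Password As String) As Boolean
        ' Refuse blank credentials before binding: LDAP defines a bind with an empty
        ' password as unauthenticated, and it can succeed on servers that permit it.
        If String.IsNullOrEmpty(Username) OrElse String.IsNullOrEmpty(Password) Then Return False
        Dim Success As Boolean = False
        Try
            ' Using releases the underlying directory handles when the check is done.
            Using Entry As New System.DirectoryServices.DirectoryEntry("LDAP://" & Domain, Username, Password)
                Using Searcher As New System.DirectoryServices.DirectorySearcher(Entry)
                    Searcher.SearchScope = System.DirectoryServices.SearchScope.OneLevel
                    ' The bind is lazy: FindOne forces it and throws if the credentials are rejected.
                    Dim Results As System.DirectoryServices.SearchResult = Searcher.FindOne()
                    Success = Not (Results Is Nothing)
                End Using
            End Using
        Catch ex As Exception
            ' Fail closed: bad credentials or an unreachable server both count as a failed login.
            Success = False
        End Try
        Return Success
    End Function
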
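
One way to graft application roles onto the Windows identity asked about in the post above, as an added example that is not part of any poster's code or of CSLA: it uses the plain .NET `GenericPrincipal` rather than a CSLA principal class. The role table (`SampleRoles`) and the `BareAccountName` helper are hypothetical, and constructed sample data stands in for the SQL Server lookup.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Security.Principal
Imports System.Threading

Module RoleGraftExample

    ' Constructed sample data standing in for the application's role table in SQL Server.
    ' Keys are bare account names; lookups ignore case, as Windows account names do.
    Private ReadOnly SampleRoles As New Dictionary(Of String, String())(StringComparer.OrdinalIgnoreCase) From {
        {"wsmith", New String() {"ProjectManager", "Administrator"}},
        {"tjones", New String() {"Guest"}}
    }

    ' Hypothetical helper: strips "DOMAIN\" or "@domain" so the name matches the role table key.
    Function BareAccountName(ByVal name As String) As String
        Dim slash As Integer = name.LastIndexOf("\"c)
        If slash >= 0 Then name = name.Substring(slash + 1)
        Dim at As Integer = name.IndexOf("@"c)
        If at >= 0 Then name = name.Substring(0, at)
        Return name
    End Function

    ' Keeps the Windows identity (name, authentication type) and replaces only the role list.
    ' A user with no row in the role table gets no roles, so every IsInRole check fails.
    Function BuildPrincipal(ByVal identity As IIdentity) As IPrincipal
        If identity Is Nothing OrElse Not identity.IsAuthenticated Then
            Throw New System.Security.SecurityException("Identity is not authenticated.")
        End If
        Dim roles As String() = Nothing
        If Not SampleRoles.TryGetValue(BareAccountName(identity.Name), roles) Then
            roles = New String() {}
        End If
        Return New GenericPrincipal(identity, roles)
    End Function

    Sub Main()
        ' Call this only after the re-authentication step has succeeded.
        Dim principal As IPrincipal = BuildPrincipal(WindowsIdentity.GetCurrent())
        Thread.CurrentPrincipal = principal
        Console.WriteLine("{0}: Administrator={1}", principal.Identity.Name,
                          principal.IsInRole("Administrator"))
    End Sub

End Module
```

Because the Windows role list is never copied into the principal, membership in a Windows group such as local Administrators does not grant the application's "Administrator" role.
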
RockfordLhotka: You'll have to write a different login form to do what you want. You'll want to get the user's Windows credentials, and then you'll need to authenticate them with Windows itself - and there are APIs in .NET to do this (though I don't know them off the top of my head).
You will still want CSLA to use Windows auth - you just need to change your UI to keep track of whether it has re-authenticated the user (because Windows already did the authentication, and so the principal object is already set and correct).
That's what I did in
FAQ: How to use Windows authentication in PTracker (PTWin) (C#)
http://forums.lhotka.net/forums/post/28161.aspx
I made some changes to PTracker authentication in order to have Windows Authentication. In fact you just need to change CslaAuthentication attribute. The nicest thing about it is that you can have both at the same time.
If the user that is authenticated under Windows exists in the users table, it gets logged on with no further questions. Otherwise (the Windows user name doesn't exist in the users table) the login window will ask for username/password. This is quite useful when you have an application on a client but your laptop is not in the client's domain. You can still use your laptop and log in to the application using the application admin username.
Cheers
Hi all,
It's really amazing how many different ways we have found to implement different authentication methods.
I think we can write a book on this!!
Tarek.
I have made some effort in that regard and enabled Mixed/Dual Authentication: Windows and Forms.
http://forums.lhotka.net/forums/thread/22529.aspx
I have the complete sample code. Please let me know if you want it. Once I am back in the office I can post it for you.
Tarek.
Thanks Tarek,
I ended up using LDAP to authenticate the userid/password. Then I take this userid and build the CSLA principal and identity objects. I have a connection string containing a totally different userid and password which is granted execute access to stored procedures only.
The last piece I need to build is to encrypt the connection string in the app.config file. This is a challenge because my app is ClickOnce forms, which means that I need to use a non-machine-dependent method of encrypting the app.config. I am looking at a solution like this one:
http://guy.dotnet-expertise.com/CommentView,guid,b3850894-3a8e-4b0a-aa52-5fa1d1216377.aspx
Dear Warren
Thank you for the feedback about using LDAP.
Just to make sure I understand what you meant.
Did you implement Forms Authentication and validate the username/password against LDAP (Windows Active Directory), i.e., the user will enter his username/password and you check the validity of this user using .NET against Active Directory (LDAP)?
If so, then could you please kindly post sample code on how to do such authentication against LDAP?
Thank you again.
Tarek.
Hi TareKahf.
In the post of 05-26-2008, 6:30 PM, you said that you have sample code that enabled Mixed/Dual Authentication. Could you please help me? I tried, but it does not work.
I'm sorry for my English; it is so bad.
Wendy Mejías A.
Dear Wendy,
Please check this link for complete details about the required changes you asked for:
http://forums.lhotka.net/forums/25866/ShowThread.aspx#25866
I hope this will be helpful to you.
Tarek.
Copyright (c) Marimer LLC