Combining AD authentication with database-driven privileges?

Old forum URL: forums.lhotka.net/forums/t/4886.aspx


scott8035 posted on Thursday, May 22, 2008

Greetings. I'm new to CSLA, and I'm having trouble figuring out how to achieve the effect I want for a security role. What I want to do is use AD to authenticate the user/password, but then check for the presence/absence of a row in a table which would grant/deny that user a certain set of privileges. A combination of Windows authentication and application-driven roles. Can anyone point me in the right direction?
---scott

RockfordLhotka replied on Thursday, May 22, 2008

You'll need to use custom authentication within CSLA - much like the code in ProjectTracker (create your own custom principal/identity classes).

Then, in your identity class's DataPortal_Fetch() (or perhaps earlier - in the factory method or the principal's Login() method) you will need to validate the supplied user credentials against AD.

Once you are sure the credentials are valid, initializing the identity object should work the same as the example in ProjectTracker.

JoeFallon1 replied on Monday, May 26, 2008

I agree.

I do something similar when a client wants to use Windows IDs for single sign-on. I trap the Windows ID, validate it in a different system and then use the information to log in behind the scenes and retrieve the roles and permissions from my DB and load them into my custom Principal. From then on I just use the custom Principal in my app as normal.

Joe
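
The flow described in the replies above (validate the credentials against AD first, then load roles from a table into a principal), as an added example that is not code from the thread or from ProjectTracker. It uses plain .NET types rather than CSLA base classes; the domain name, connection string and the `AppUserRoles(UserName, RoleName)` table are hypothetical.

```csharp
using System.Collections.Generic;
using System.Data.SqlClient;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

public static class AdDbLogin
{
    // Hypothetical values: replace with your own domain and connection string.
    private const string Domain = "EXAMPLE";
    private const string ConnectionString =
        "Server=.;Database=AppSecurity;Integrated Security=true";

    // Returns a principal carrying database-defined roles, or null when the
    // credentials are rejected. Roles are only read after AD has accepted them.
    public static IPrincipal Login(string userName, string password)
    {
        // Reject empty input up front instead of sending it to the directory.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return null;

        using (var ctx = new PrincipalContext(ContextType.Domain, Domain))
        {
            if (!ctx.ValidateCredentials(userName, password, ContextOptions.Negotiate))
                return null; // fail closed: no identity, no roles
        }

        // No row in the table means an authenticated user with no privileges.
        List<string> roles = LoadRoles(userName);
        var identity = new GenericIdentity(Domain + "\\" + userName, "ActiveDirectory");
        return new GenericPrincipal(identity, roles.ToArray());
    }

    private static List<string> LoadRoles(string userName)
    {
        var roles = new List<string>();
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(
            "SELECT RoleName FROM AppUserRoles WHERE UserName = @user", conn))
        {
            // Parameterized query: the user name is never concatenated into SQL.
            cmd.Parameters.AddWithValue("@user", userName);
            conn.Open();
            using (var reader = cmd.ExecuteReader())
                while (reader.Read())
                    roles.Add(reader.GetString(0));
        }
        return roles;
    }
}
```

In a CSLA application these two steps would sit in the custom identity's DataPortal_Fetch() or the principal's Login() method, as described in the reply above.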

 

Copyright (c) Marimer LLC