Generic Principal and Setting Identity


localhost

For a WinForms application, I authenticate users against a database
and then build a customized class (subclassed from IPrincipal) with
roles. I authenticate against a database instead of using the
inherent WindowsIdentity because different users sometimes share a
single machine, and each user has different app capabilities.

I now want to make sure that the current WinForm is set to this user
for applying declarative Role-Based security.

Right now I do the below. Is this sufficient?

System.Threading.Thread.CurrentPrincipal = myCustomPrincipal;



Thanks.
 
Hello,

Thanks for your post. I reviewed your description carefully, and I believe
that you need to impersonate a user which can access a database in code
instead of replacing a Principal object. Though the following KB article
discusses ASP.NET Web App, you can still apply it in WinForm App.

INFO: Implementing Impersonation in an ASP.NET Application
http://support.microsoft.com/?ID=306158

Hope this helps.

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
This single line of code will not be sufficient ;-)
Since you are not using the WindowsPrincipal policy, you will have to assign
roles to your identities (stored in the DB), and pass them to the
GenericPrincipal constructor like:
.....
string[] roles = .... // roles assigned to the principal and read from the DB
IPrincipal principal = new GenericPrincipal(identity, roles);
AppDomain.CurrentDomain.SetThreadPrincipal(principal);

Later in your code you can check for role membership ...

if (Thread.CurrentPrincipal.IsInRole("Manager"))
{
    ...
}

Note however, that this is only helpful for keeping track of a principal,
the OS has no knowledge about this. So if the current process runs as Bob,
and the new principal is Alice, it's Bob that needs to be granted access
permissions to any resource that will be accessed.
Willy.
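
Added example, not code from any poster in this thread: a console sketch of the approach discussed above, building a GenericPrincipal from database roles and letting a declarative PrincipalPermission demand reject a user who lacks the role. It assumes .NET Framework; the RolesFromDb table, the SignIn helper and the ApproveOrder method are hypothetical names with constructed sample data.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class RoleDemo
{
    // Constructed sample data standing in for the application's user/role tables.
    static readonly Dictionary<string, string[]> RolesFromDb =
        new Dictionary<string, string[]>
        {
            { "alice", new[] { "Manager", "Clerk" } },
            { "bob",   new[] { "Clerk" } }
        };

    // Hypothetical helper: call only after the database check of the credentials succeeded.
    static void SignIn(string userName)
    {
        var identity = new GenericIdentity(userName, "Database");
        // Principal for the calling (UI) thread. Threads created later need the
        // principal assigned too, or a one-time AppDomain.SetThreadPrincipal call.
        Thread.CurrentPrincipal = new GenericPrincipal(identity, RolesFromDb[userName]);
    }

    // Declarative check: the runtime compares Thread.CurrentPrincipal with the
    // required role before the method body runs.
    [PrincipalPermission(SecurityAction.Demand, Role = "Manager")]
    static void ApproveOrder() { Console.WriteLine("order approved"); }

    static bool TryApprove()
    {
        try { ApproveOrder(); return true; }
        catch (SecurityException) { return false; }   // demand failed
    }

    static void Main()
    {
        SignIn("alice");
        Console.WriteLine("alice may approve: " + TryApprove());
        SignIn("bob");
        Console.WriteLine("bob may approve: " + TryApprove());
        // Imperative form of the same check, e.g. for enabling a button.
        Console.WriteLine("bob is Clerk: " + Thread.CurrentPrincipal.IsInRole("Clerk"));
    }
}
```

The role check here is enforced only inside the application process; file, registry and database permissions are still evaluated against the Windows account the process runs as.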
 