HowTo programmatically define roles and users ...

  • Thread starter Thread starter herbert
  • Start date Start date
H

herbert

In work on a large Intranet application using WCF. Clients can impersonate
via a login form and should get access to objects on the WCF host via roles
checked programmatically on the host.
The WCF host is a Windows Service.

The assignment user - role, as well as creating/deleting users and
creating/deleting roles must be fully dynamic and changes on an hourly basis.

Think of it like a game:
- The admin defines, which boxes are on the table: red, blue, .... in the
current run
- the admin defines, who is allowed to run which box
- each player chooses one or more boxes, obtaining the list of boxes set up
for him by the admin
- several players can choose the same box.

Is there a managed .NET class to create/delete/... Windows roles, users and
their membership?

Or is it better to create my own security framework?

Or can the ASP.NET role provider be tweaked to work in this case?

Thank you very much. Herbert
 
The only thing a WCF service adds is a boundary. You are, in essence,
creating a authentication service. Therefore, you should forget about this.
It is a learning curve and a bit of complexity, but if you forget the
technology, you can examine the issue at hand from a flat perspective and
examine the actual problem domain.

Now, if this was flat, could you use Membership and Roles? Out of the box?
Probably not. Through a custom provider? Possibly. Examine custom providers
and see if you can solve the issue. If not, you need your own security
method. I would guess, however, that you can use this method.

But, another possiblity, that migth fit you Intranet scenario better, is to
work with Kerebos or some other Windows method. Since you are marshalling
this from a service, you will end up writing some custom code. This is more
difficult to do, but more secure.

Easier? I would aim for a custom provider first and use this service.

Even easier. Instead of using a service, create a authentication library and
include in your various projects. Not as centralized, but still a separation
of concerns.

All have their trade offs. If you want more code written, the ASP.NET
membership and role providers are the easiest and fairly full featured. If
you put too much separation between layers, it can be a royal pain in the
butt.

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://gregorybeamer.spaces.live.com/lists/feed.rss

or just read it:
http://gregorybeamer.spaces.live.com/

*************************************************
| Think outside the box!
|
*************************************************
 
Back
Top