Skip to main content

Authenticating and Authorizing in .Net




Namespace: System.Security.Principal


Authenticating is the process of checking a user’s identity. Authorization means verifying user’s right to access the resources according to his identity.
Usually authorization happens after authentication.

Integrate system with Active Directory using WindowsIdentity and WindowsPrincipal.
For straight-forward database, use GenericIdentity and GenericPrincipal.
For a better control over user and roles implement IIdentity and IPrinciapl.

WindowsIdentity Class:
This class represents a windows account, along with user name and authentication code. Instance of WindowsIdentity can be created using:

1.       GetAnonymous: Returns WindowsIdentity Object of an unauthenticated user, which is used to insure that your code runs successfully.
2.       GetCurrent: Returns WindowsIdentity that represents the current logged in user.
3.       Impersonate:    Returns a WindowsImpersonationContect Object used prior to authenticating user from the

WindowsPrincipal Class:
This class provides facility to work with the membership of the user in different groups.

WindowsBuiltinRole enumeration enlists three major groups which are Administrator, Power user and simple user.
WindowsPrincipal.IsInRole(“ikonami/mubbasher”) can be useful.

PrincipalPermissions class:
This class allows acquiring certain permissions related like membership to a role to execute a code.

Authenticated, Role and Name are major properties related to it.

[PrincipalPermission(SecurityAction.Demand, Role = @“BUILTIN \Administrators”)]
[PrincipalPermission(SecurityAction.Demand, name = @“ikonami\mubbasher”)]
[PrincipalPermission(SecurityAction.Demand, name = @“ikonami\mubbasher” , Role = @“ikonami\developers”)]
[PrincipalPermission(SecurityAction.Demand, Authenticated= true)]

Or use imperative style

PrincipalPermission p = new PrincipalPermissions(PermissionState);
//PermissionState can be None or Unrestricted

PrincipalPermission p = new PrincipalPermissions(name, role);
PrincipalPermission p = new PrincipalPermissions(name, role, authenticated);

p.Demand ();

Any of the name, role, Authenticated can be null.

Implementing Custom Users and Roles

Implement Custom Identity Class by implementing IIdentity interface.
Interface contains the following properties: AuthenticationType(NTLM, Kerberos, and Passport), IsAutehnticated and Name

Implement Custom Principal Class by implementing IPrincipal interface.
IPrincipal interface contains the following Property Identity and method IsInRole.

Creating Simple Custom User Privilege Model:

This Model is based on GenericIdentity and GenericPrincipla.

GenericIdentity MyIdentity = new GenericIdentity("MyIdentity");

// Create generic principal.
String[] MyStringArray = {"Manager", "Administrator"};
GenericPrincipal MyPrincipal =
     new GenericPrincipal(MyIdentity, MyStringArray);

Thread.CurrentPrincipal = MyPrincipal;

OnlyAdministratorMethod();

And OnlyAdministratorMethod() is:

[PrincipalPermission(SecurityAction.Demand, Role= “Administrators”)]
Public void OnlyAdministratorMethod()
{
}

Exception Handling
System.Security.Authentication.AuthenticationException occurs when credentials are invalid, prompt from the user and try again.

System.Security.Authentication.InvalidCredentialException underlying stream is in invalid, so don’t try again.

These exception usually occur when you authenticate remote users based on underlying streams System.Net.Security.NegotiateStream or System.Net.Security.SslStream
Labels:

Comments

Post a Comment

Popular posts from this blog

Culture Information and Localization in .NET

Namespace: System.Globalization CultureInfo Class:                 It provides information like the Format of numbers and dates, Culture’s Calendar, Culture’s language and sublanguage (if applicable), Country and region of the culture. The Basic use of CultureInfo class is shown here: • How string Comparisons are performed • How Number Comparison & Formats are performed • Date Comparison and Formats. • How resources are retrieved and used. Cultures are grouped into three categories: Invariant Culture : It’s Culture Insensitive. It can be used to build some trial application. It can be also used to build an application with hard-coded expiry date that ignores cultures. But using it for every comparison will be incorrect and inappropriate. Neutral Culture : English(en), Frensh(fr), and Spanish(sp). A neutral culture is related to language but it’s not related to specific regi...
Post a Comment
Continue Reading »

Concept of App Domain in .Net

Creating Application Domains: Application domain is just like process, provides separate memory space, and isolates from other code. But it’s quite light weight. It also provides the following advantages: 1-       Reliability : If a domain crashes, it can be unloaded. Hence doesn’t affect the other assemblies. 2-       Efficiency : Loading all assemblies in one domain can be cumbersome and can make the process heavy but Appdomains are efficient in this manner. Important properties of AppDomain: ApplicationIdentity , ApplicationTrust , BaseDirectory , CurrentDomain , DomainManager , DomainDirectory , Evidence , FriendlyName , ID , RelativeSearchPath , SetupInformation , ShadowCopyFiles . Important methods of AppDomain: ApplyPolicy , CreateCOMInstanceFrom , CreateDomain , CreateInstance (Assembly). To create an AppDomain: AppDomain adomain = AppDomain.CreateDomain(“D”); To execute an assembly:...
Post a Comment
Continue Reading »

Asynchronous Execution in ASP.NET

Asynchronous Execution: Two ways either implement IHTTPAsyncHandler interface or in ASP.NET 2.0 set <%@ Page Async=”true” %>. The second option implements IHTTPAsyncHandler interface automatically for the page when parsed or compiled. AddOnPreRenderCompleteAsync ( new BeginEventHandler(BeginTask), new EndEventHandler(EndTask)); AddOnPreRenderCompleteAsync() shoud be called in Page_load. The BeginEventHandler and EndEventHandler are delegates defined as follows: IAsyncResult BeginEventHandler( object sender, EventArgs e, AsyncCallback cb, object state) void EndEventHandler( IAsyncResult ar) AsyncProcess starts and completes between PreRender and PreRenderComplete. Other way to perform Async Task is using AsyncPageTask structure. It also allows multiple tasks to execute simultaneously. void Page_Load (object sender, EventArgs e) { PageAsyncTask task = new PageAsyncTask( new BeginEventHandler(BeginTask), new EndEventH...
Continue Reading »