Ask a Question related to ASP.NET Security, Design and Development.
-
Klaus #1
how to add another property to class inheriting from IIdentity?
Hello peoples
this is a question regarding security of windows application
I want to add another property (the UserID) to System.Security.Principal.IIdentity
My code looks logical (at least to me) and does show the property 'UserID' in the Intellisense
But when I try to use it anywhere throughout the code doesn't let me do the following
Thread.CurrentPrincipal.Identity.UserI
It only comes up with the default IIdentity properties AuthenticationType, IsAuthenticated and Name
Did I do something wrong, or is there really no way to have an additional property (like my UserID)
Any hints are much appreciated
Here's the code
Imports Syste
Imports System.Threadin
Imports System.Security.Principa
Public Class SecurityBU
Public Class SecIdentit
Implements IIdentit
Public ConnectionString As Strin
Private _UserID As Integer =
Private _Username As String = "
Private _Roles As New ArrayLis
#Region " IIdentity
Public ReadOnly Property AuthenticationType() As String Implements System.Security.Principal.IIdentity.Authentication Typ
Ge
Return "Special
End Ge
End Propert
Public ReadOnly Property IsAuthenticated() As Boolean Implements System.Security.Principal.IIdentity.IsAuthenticate
Ge
Return Len(Me._Username) >
End Ge
End Propert
Public ReadOnly Property Name() As String Implements System.Security.Principal.IIdentity.Nam
Ge
Return Me._Usernam
End Ge
End Propert
#End Regio
Public ReadOnly Property UserID() As Intege
Ge
Return Me._UserI
End Ge
End Propert
Friend Function IsInRole(ByVal strRole As String) As Boolea
Return Me._Roles.Contains(strRole
End Functio
Friend Function LoadIdentity(ByVal strUser As String, ByVal strPw As String) As
BusinessRules.SecurityBUS.SecIdentit
Dim myDAL As New DataAccess.SecurityDA
Dim myTable As New DataTabl
Dim myDR As DataRo
Tr
myDAL.CS_ConnectString = Me.ConnectionStrin
myTable = myDAL.LoadIdentity(strUser, strPw
Me._UserID =
Me._Username = "
Me._Roles.Clear(
If Not myTable Is Nothing The
If myTable.Rows.Count > 0 The
'--user is authenticate
Me._UserID = myTable.Rows(0).Item("UserID"
Me._Username = myTable.Rows(0).Item("Username"
For Each myDR In myTable.Row
Me._Roles.Add(CStr(myDR.Item("Role"))
Nex
End I
End I
Catch ex As Exceptio
Throw New System.Exception("Error: In module SecurityBUS.GetData --> " + vbCrLf + ex.Message
End Tr
Return M
End Functio
End Clas
Public Class SecPrincipa
Implements IPrincipa
Public ConnectionString As Strin
Private _Identity As SecIdentit
#Region " IPrincipal
Public ReadOnly Property Identity() As System.Security.Principal.IIdentity Implements System.Security.Principal.IPrincipal.Identit
Ge
Return Me._Identit
End Ge
End Propert
Public Function IsInRole(ByVal role As String) As Boolean Implements System.Security.Principal.IPrincipal.IsInRol
Return Me._Identity.IsInRole(role
End Functio
#End Regio
#Region " Login Process
Public Sub Login(ByVal strUsername As String, ByVal strPassword As String
Dim currentdomain As AppDomain = Thread.GetDomai
currentdomain.SetPrincipalPolicy(PrincipalPolicy.U nauthenticatedPrincipal
Dim OldPrincipal As IPrincipal = Thread.CurrentPrincipa
Thread.CurrentPrincipal = Me
Try
If Not TypeOf OldPrincipal Is BusinessRules.SecurityBUS.SecPrincipal Then
currentdomain.SetThreadPrincipal(Me)
End If
Catch ex As Exception
'--Failed, but we don't care because there's nothing we can do in this case
End Try
'--Load the underlying identity object that tells whether we are really logged in.
'--If so, will contain the list of roles we belong to.
Dim myIdentity As New BusinessRules.SecurityBUS.SecIdentity
myIdentity.ConnectionString = Me.ConnectionString
Me._Identity = myIdentity.LoadIdentity(strUsername, strPassword)
End Sub
#End Region
End Class
End Class
...thanks for having a look. Klaus.
---
Posted using Wimdows.net Newsgroups - [url]http://www.wimdows.net/newsgroups/[/url]
Klaus Guest
-
Allowing a new design property for control inheriting DataGrid
Hi, I created a custom control inheriting from DataGrid I would like to put a custom property for design time manipulation I added the... -
Help Anyone?How do I access Inner Class Property
hi guys, I am having this problems too... if I inherits it from System.Web.UI.WebControl.WebControls.. it works fine.. but if I inherits it from... -
Binding a textbox to a class property
This might sound like a elementary question but I've haven't been able to figure this one out. How can I bind the "text" property of a "textBox"... -
undefined class property
I've got this $user class that has a variable called $userIsSuperRoot. When I just set error_reporting to ALL I got an error on the last line that... -
Class property misunderstanding
Hi Jim, What you're dealing with here is scope. Variables have scope, which means that they are accessible at different levels depending upon how... -
Hernan de Lahitte #2 Re: how to add another property to class inheriting from IIdentity?
Actually you can't modify IIdentity and add new members. However, you might
derive your own interface from IIdentity and and your custom user profile
data or whatever info you like. If you want a further approach on how to
design a more robust approach on this topic you can check it out the
Authorization & Profiling Application Block
([url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html[/url]
/authpro.asp).
That strategy is very extensible but not as simple as the IIdentity
solution.
I hope this help you.
--
Hernan de Lahitte
Lagash Systems S.A.
[url]http://weblogs.asp.net/hernandl[/url]
This posting is provided "AS IS" with no warranties, and confers no rights.
"Klaus" <klaus@-NOSPAM-kitchen-net.com.au> wrote in message
news:eyIKGV6TEHA.2940@TK2MSFTNGP09.phx.gbl...System.Security.Principal.IIdentity.> Hello peoples,
> this is a question regarding security of windows application.
> I want to add another property (the UserID) toin the Intellisense.> My code looks logical (at least to me) and does show the property 'UserID'the following:> But when I try to use it anywhere throughout the code doesn't let me doIsAuthenticated and Name.> Thread.CurrentPrincipal.Identity.UserID
> It only comes up with the default IIdentity properties AuthenticationType,property (like my UserID)?>
> Did I do something wrong, or is there really no way to have an additionalSystem.Security.Principal.IIdentity.Authentication Type>
> Any hints are much appreciated.
>
> Here's the code.
>
> Imports System
> Imports System.Threading
> Imports System.Security.Principal
>
> Public Class SecurityBUS
> Public Class SecIdentity
> Implements IIdentity
>
> Public ConnectionString As String
> Private _UserID As Integer = 0
> Private _Username As String = ""
> Private _Roles As New ArrayList
>
> #Region " IIdentity "
>
> Public ReadOnly Property AuthenticationType() As String ImplementsSystem.Security.Principal.IIdentity.IsAuthenticate d> Get
> Return "Special"
> End Get
> End Property
>
> Public ReadOnly Property IsAuthenticated() As Boolean ImplementsSystem.Security.Principal.IIdentity.Name> Get
> Return Len(Me._Username) > 0
> End Get
> End Property
>
> Public ReadOnly Property Name() As String ImplementsAs String) As _> Get
> Return Me._Username
> End Get
> End Property
> #End Region
>
> Public ReadOnly Property UserID() As Integer
> Get
> Return Me._UserID
> End Get
> End Property
>
> Friend Function IsInRole(ByVal strRole As String) As Boolean
> Return Me._Roles.Contains(strRole)
> End Function
>
> Friend Function LoadIdentity(ByVal strUser As String, ByVal strPwBusinessRules.SecurityBUS.SecIdentity>SecurityBUS.GetData --> " + vbCrLf + ex.Message)>
> Dim myDAL As New DataAccess.SecurityDAL
> Dim myTable As New DataTable
> Dim myDR As DataRow
> Try
> myDAL.CS_ConnectString = Me.ConnectionString
> myTable = myDAL.LoadIdentity(strUser, strPw)
>
> Me._UserID = 0
> Me._Username = ""
> Me._Roles.Clear()
>
> If Not myTable Is Nothing Then
> If myTable.Rows.Count > 0 Then
> '--user is authenticated
> Me._UserID = myTable.Rows(0).Item("UserID")
> Me._Username = myTable.Rows(0).Item("Username")
>
> For Each myDR In myTable.Rows
> Me._Roles.Add(CStr(myDR.Item("Role")))
> Next
>
> End If
> End If
>
> Catch ex As Exception
> Throw New System.Exception("Error: In moduleSystem.Security.Principal.IIdentity Implements> End Try
>
> Return Me
>
> End Function
>
> End Class
>
> Public Class SecPrincipal
> Implements IPrincipal
>
> Public ConnectionString As String
> Private _Identity As SecIdentity
>
> #Region " IPrincipal "
>
> Public ReadOnly Property Identity() As
System.Security.Principal.IPrincipal.IdentityImplements System.Security.Principal.IPrincipal.IsInRole> Get
> Return Me._Identity
> End Get
> End Property
>
> Public Function IsInRole(ByVal role As String) As BooleanString)> Return Me._Identity.IsInRole(role)
> End Function
>
> #End Region
>
> #Region " Login Process "
>
> Public Sub Login(ByVal strUsername As String, ByVal strPassword Ascurrentdomain.SetPrincipalPolicy(PrincipalPolicy.U nauthenticatedPrincipal)>
> Dim currentdomain As AppDomain = Thread.GetDomain
>BusinessRules.SecurityBUS.SecPrincipal Then>
> Dim OldPrincipal As IPrincipal = Thread.CurrentPrincipal
> Thread.CurrentPrincipal = Me
>
> Try
> If Not TypeOf OldPrincipal Iscan do in this case> currentdomain.SetThreadPrincipal(Me)
>
> End If
> Catch ex As Exception
> '--Failed, but we don't care because there's nothing weare really logged in.> End Try
>
> '--Load the underlying identity object that tells whether westrPassword)> '--If so, will contain the list of roles we belong to.
> Dim myIdentity As New BusinessRules.SecurityBUS.SecIdentity
> myIdentity.ConnectionString = Me.ConnectionString
> Me._Identity = myIdentity.LoadIdentity(strUsername,>
> End Sub
>
> #End Region
> End Class
>
> End Class
>
>
> ..thanks for having a look. Klaus.
>
> ---
> Posted using Wimdows.net Newsgroups - [url]http://www.wimdows.net/newsgroups/[/url]
Hernan de Lahitte Guest
-
Paul Glavich [MVP - ASP.NET] #3 Re: how to add another property to class inheriting from IIdentity?
To be honest, I didn't have a real good look through the code you provided,
but... you should be able to cast the identity object to your custom
identity object to get access to the properties you added (provided you
previously assigned an identity object of your custom identity type). I am a
C# person, but I beleive you need to "CType" the thread identity to your
custom identity type.
--
- Paul Glavich
Microsoft MVP - ASP.NET
"Hernan de Lahitte" <hernan@lagash.com> wrote in message
news:ufxogd7TEHA.1036@TK2MSFTNGP09.phx.gbl...might> Actually you can't modify IIdentity and add new members. However, you([url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html[/url]> derive your own interface from IIdentity and and your custom user profile
> data or whatever info you like. If you want a further approach on how to
> design a more robust approach on this topic you can check it out the
> Authorization & Profiling Application Block
>rights.> /authpro.asp).
> That strategy is very extensible but not as simple as the IIdentity
> solution.
> I hope this help you.
>
> --
> Hernan de Lahitte
> Lagash Systems S.A.
> [url]http://weblogs.asp.net/hernandl[/url]
>
>
> This posting is provided "AS IS" with no warranties, and confers no'UserID'>
> "Klaus" <klaus@-NOSPAM-kitchen-net.com.au> wrote in message
> news:eyIKGV6TEHA.2940@TK2MSFTNGP09.phx.gbl...> System.Security.Principal.IIdentity.> > Hello peoples,
> > this is a question regarding security of windows application.
> > I want to add another property (the UserID) to> > My code looks logical (at least to me) and does show the propertyAuthenticationType,> in the Intellisense.> the following:> > But when I try to use it anywhere throughout the code doesn't let me do> > Thread.CurrentPrincipal.Identity.UserID
> > It only comes up with the default IIdentity propertiesadditional> IsAuthenticated and Name.> >
> > Did I do something wrong, or is there really no way to have anImplements> property (like my UserID)?> >
> > Any hints are much appreciated.
> >
> > Here's the code.
> >
> > Imports System
> > Imports System.Threading
> > Imports System.Security.Principal
> >
> > Public Class SecurityBUS
> > Public Class SecIdentity
> > Implements IIdentity
> >
> > Public ConnectionString As String
> > Private _UserID As Integer = 0
> > Private _Username As String = ""
> > Private _Roles As New ArrayList
> >
> > #Region " IIdentity "
> >
> > Public ReadOnly Property AuthenticationType() As StringstrPw> System.Security.Principal.IIdentity.Authentication Type> System.Security.Principal.IIdentity.IsAuthenticate d> > Get
> > Return "Special"
> > End Get
> > End Property
> >
> > Public ReadOnly Property IsAuthenticated() As Boolean Implements> System.Security.Principal.IIdentity.Name> > Get
> > Return Len(Me._Username) > 0
> > End Get
> > End Property
> >
> > Public ReadOnly Property Name() As String Implements> > Get
> > Return Me._Username
> > End Get
> > End Property
> > #End Region
> >
> > Public ReadOnly Property UserID() As Integer
> > Get
> > Return Me._UserID
> > End Get
> > End Property
> >
> > Friend Function IsInRole(ByVal strRole As String) As Boolean
> > Return Me._Roles.Contains(strRole)
> > End Function
> >
> > Friend Function LoadIdentity(ByVal strUser As String, ByValAs> As String) As _> BusinessRules.SecurityBUS.SecIdentity> >> SecurityBUS.GetData --> " + vbCrLf + ex.Message)> >
> > Dim myDAL As New DataAccess.SecurityDAL
> > Dim myTable As New DataTable
> > Dim myDR As DataRow
> > Try
> > myDAL.CS_ConnectString = Me.ConnectionString
> > myTable = myDAL.LoadIdentity(strUser, strPw)
> >
> > Me._UserID = 0
> > Me._Username = ""
> > Me._Roles.Clear()
> >
> > If Not myTable Is Nothing Then
> > If myTable.Rows.Count > 0 Then
> > '--user is authenticated
> > Me._UserID = myTable.Rows(0).Item("UserID")
> > Me._Username = myTable.Rows(0).Item("Username")
> >
> > For Each myDR In myTable.Rows
> > Me._Roles.Add(CStr(myDR.Item("Role")))
> > Next
> >
> > End If
> > End If
> >
> > Catch ex As Exception
> > Throw New System.Exception("Error: In module> System.Security.Principal.IIdentity Implements> > End Try
> >
> > Return Me
> >
> > End Function
> >
> > End Class
> >
> > Public Class SecPrincipal
> > Implements IPrincipal
> >
> > Public ConnectionString As String
> > Private _Identity As SecIdentity
> >
> > #Region " IPrincipal "
> >
> > Public ReadOnly Property Identity() As
> System.Security.Principal.IPrincipal.Identity> Implements System.Security.Principal.IPrincipal.IsInRole> > Get
> > Return Me._Identity
> > End Get
> > End Property
> >
> > Public Function IsInRole(ByVal role As String) As Boolean> > Return Me._Identity.IsInRole(role)
> > End Function
> >
> > #End Region
> >
> > #Region " Login Process "
> >
> > Public Sub Login(ByVal strUsername As String, ByVal strPassword> String)> currentdomain.SetPrincipalPolicy(PrincipalPolicy.U nauthenticatedPrincipal)> >
> > Dim currentdomain As AppDomain = Thread.GetDomain
> >> BusinessRules.SecurityBUS.SecPrincipal Then> >
> > Dim OldPrincipal As IPrincipal = Thread.CurrentPrincipal
> > Thread.CurrentPrincipal = Me
> >
> > Try
> > If Not TypeOf OldPrincipal Is> can do in this case> > currentdomain.SetThreadPrincipal(Me)
> >
> > End If
> > Catch ex As Exception
> > '--Failed, but we don't care because there's nothing we> are really logged in.> > End Try
> >
> > '--Load the underlying identity object that tells whether we> strPassword)> > '--If so, will contain the list of roles we belong to.
> > Dim myIdentity As New BusinessRules.SecurityBUS.SecIdentity
> > myIdentity.ConnectionString = Me.ConnectionString
> > Me._Identity = myIdentity.LoadIdentity(strUsername,>> >
> > End Sub
> >
> > #End Region
> > End Class
> >
> > End Class
> >
> >
> > ..thanks for having a look. Klaus.
> >
> > ---
> > Posted using Wimdows.net Newsgroups - [url]http://www.wimdows.net/newsgroups/[/url]
>
Paul Glavich [MVP - ASP.NET] Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
