I’m trying to implement Authorization and Authentication in my current winforms project. The Authentication also has to match a user in an SQL Server 2008 database. The thing is, it’s a multi-user program, so when a new user is added, a database is created and the user’s identity is added to the database.
I wondered if that is possible implementing IPrincipal and IIdentity. I’ve only found ASP.NET implementations so far.
Can anybody give me some guidance as to what’s the best way to implement password/userid security in a winforms application? Keeping in mind that it has to be verified with a database in SQL Server.
Meaning that a database has to exist for that user, and their credentials need to be correct.
You can implement your own IPrincipal object by writing a class that implements that interface. Since you are going to use a source other than Windows to provide username and password, you will also need to write your own IIdentity implementation as well. Fortunately these are not large interfaces.
For your custom IIdentity, I would create a Login form that attempts to find a username/password combination in the SQL 2008 database. If found, your only concern then is how to populate the “Roles” of that user to provide functionality for the IsInRole(string roleName) method off the interface.
Here is a link to a detailed article on how to accomplish this in both Winforms and ASP.NET
UPDATE
Also, once you attach this principal to the Current Thread (and subsequently created threads), you can also add attributes to your code that “demand” the current Principal belongs to a given role, or has a given name.
A good example of that is this article.
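The approach described in the answer above, as an added example that is not part of the original answer or the linked articles: a custom IIdentity and IPrincipal attached to the thread, with a declarative role demand that fails closed. The names DbIdentity, DbPrincipal and DeleteAccount, the user "alice" and the role names are hypothetical; the example targets .NET Framework and assumes the login form has already verified the password against a salted hash fetched with a parameterized query.

```csharp
using System;
using System.Linq;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Identity for a user verified against the application's own database, not Windows.
public sealed class DbIdentity : IIdentity
{
    public DbIdentity(string name) { Name = name; }
    public string Name { get; private set; }
    public string AuthenticationType { get { return "Database"; } }
    public bool IsAuthenticated { get { return !string.IsNullOrEmpty(Name); } }
}

// Principal carrying the roles loaded for that user at login.
public sealed class DbPrincipal : IPrincipal
{
    private readonly string[] _roles;
    public DbPrincipal(IIdentity identity, string[] roles)
    {
        Identity = identity;
        _roles = roles ?? new string[0];
    }
    public IIdentity Identity { get; private set; }
    public bool IsInRole(string role)
    {
        return _roles.Contains(role, StringComparer.OrdinalIgnoreCase);
    }
}

public static class Program
{
    // The runtime checks Thread.CurrentPrincipal before the method body runs.
    [PrincipalPermission(SecurityAction.Demand, Role = "Admin")]
    static void DeleteAccount() { Console.WriteLine("account deleted"); }

    public static void Main()
    {
        // Constructed sample: "alice" logged in and was given only the "User" role.
        var principal = new DbPrincipal(new DbIdentity("alice"), new[] { "User" });
        Thread.CurrentPrincipal = principal;                   // this thread
        AppDomain.CurrentDomain.SetThreadPrincipal(principal); // default for new threads; allowed once per AppDomain

        Console.WriteLine(Thread.CurrentPrincipal.IsInRole("User"));
        try { DeleteAccount(); }
        catch (SecurityException) { Console.WriteLine("denied: Admin role required"); }
    }
}
```

Hiding or disabling a button based on IsInRole is a usability aid only; the demand on the method is what stops a caller that reaches the code by another path.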