[Mono-list] how to do proper role based authentication in web apps

Peter Foley peter.foley@abs.gov.au
Fri, 4 Jun 2004 16:20:16 +1000

Have a look at the Microsoft MSDN site. There is a document there about the
Providers pattern which is used in ASP.NET 2 for a membership class. It is very
straightforward to write your own membership class that uses a provider e.g. a
sql database to store rol info.

|        |          "DI Mag. Rainer  |
|        |          Burgstaller"     |
|        |          <rainer.burgstall|
|        |          er@web.de>       |
|        |                           |
|        |          04/06/2004 03:46 |
|        |          PM               |
|        |                           |
  |                                                                            |
  |      To:     "mono-list@lists.ximian.com" <mono-list@lists.ximian.com>     |
  |      cc:     (bcc: Peter Foley/Staff/ABS)                                  |
  |      Subject:     [Mono-list] how to do proper role based authentication in|
  |       web apps                                                             |


I have a question on how to properly do RBA in web applications. I am
currently using the formsauthentication but it only supports fixed users
stored in the web.config file which is pretty inflexible (am I missing
something)? So what I currently do is to override the
Thread.CurrentPrincipal and HttpContext.User by the user which is stored
in the cookie (which I also create by hand). I do that in the global.asax.

I checked a few open source projects (omniportal, Rainbow) on how they do
it but it does not seem like they do it too good either (I dont mean to
insult anyone). I am coming from the java side and there JAAS offers a
quite elegant way of doing such a thing by using "plugin" authentication
providers. So I wondered if there is such a possibility or if I could
somehow replace the FormsAuthenticationModule by something I do which then
allows authentication agains a db for example.

any suggestions?
Mono-list maillist  -  Mono-list@lists.ximian.com

ABS Web Site:  www.abs.gov.au