[Mono-list] how to do proper role based authentication in web
Gonzalo Paniagua Javier
Sat, 05 Jun 2004 05:57:56 +0200
El vie, 04-06-2004 a las 07:46, DI Mag. Rainer Burgstaller escribió:
> I have a question on how to properly do RBA in web applications. I am
> currently using the formsauthentication but it only supports fixed users
> stored in the web.config file which is pretty inflexible (am I missing
> something)? So what I currently do is to override the
> Thread.CurrentPrincipal and HttpContext.User by the user which is stored
> in the cookie (which I also create by hand). I do that in the global.asax.
> I checked a few open source projects (omniportal, Rainbow) on how they do
> it but it does not seem like they do it too good either (I dont mean to
> insult anyone). I am coming from the java side and there JAAS offers a
> quite elegant way of doing such a thing by using "plugin" authentication
> providers. So I wondered if there is such a possibility or if I could
> somehow replace the FormsAuthenticationModule by something I do which then
> allows authentication agains a db for example.
Mono supports that.