[Mono-list] how to do proper role based authentication in web apps

Gonzalo Paniagua Javier gonzalo.reply.to.the.list.iam.suscribed@ximian.com
Sat, 05 Jun 2004 05:57:56 +0200

El vie, 04-06-2004 a las 07:46, DI Mag. Rainer Burgstaller escribió:
> Hi
> I have a question on how to properly do RBA in web applications. I am  
> currently using the formsauthentication but it only supports fixed users  
> stored in the web.config file which is pretty inflexible (am I missing  
> something)? So what I currently do is to override the  
> Thread.CurrentPrincipal and HttpContext.User by the user which is stored  
> in the cookie (which I also create by hand). I do that in the global.asax.
> I checked a few open source projects (omniportal, Rainbow) on how they do  
> it but it does not seem like they do it too good either (I dont mean to  
> insult anyone). I am coming from the java side and there JAAS offers a  
> quite elegant way of doing such a thing by using "plugin" authentication  
> providers. So I wondered if there is such a possibility or if I could  
> somehow replace the FormsAuthenticationModule by something I do which then  
> allows authentication agains a db for example.


Mono supports that.