I'm doing research on user authentication and RBAC for an enterprise-level project we are starting. We will be developing with C#/.Net 3.5 and I don't want to start off on the wrong foot with something that is already out of date.
If I could ask a basic question...
Is application managed authorization the way to go for deployments where not all the users will be on a domain?
We have a stand alone Windows app (rich client) which may or may not be on a computer with network access. We need user authorization and RBAC to satisfy some security regulations in our industry. Some of our deployments will be at large installations where the machines will be on a domain and our application will communicate with a central SQL Server for data storage. We will also have many deployments on stand alone PCs with SQL Server Express running locally for data storage.
I am assuming that the thing to do is to store the username/password and RBAC roles on the SQL Server.
It seems like there are tools in the Security Block and Authorization Manager to facilitate this.
Thank you for any advice.
It is still relevant, except that I think other technologies should be included, for example WCF.
It's hard to tell, and I should say I'm not the best person to answer your question on how relevant it will be to implement it in your application, but here's what the Security Application Block could provide you. You can definitely implement authorization based on roles with it. If you're going to store the username and password, you just have to create an IPrincipal object out of it and you can already use the built-in provider in it. For more detailed info, check out the documentation or see this tutorial.
Global Technology & Solutions
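
The flow discussed in this thread (credentials and roles kept in the application's own SQL Server store, then wrapped in an IPrincipal for role checks), as an added example that is not code from either poster or from the Security Application Block. `UserRecord`, `LocalAuth`, the role names and the iteration count are assumptions made for illustration; the record stands in for a row read from a hypothetical Users table, and only .NET 3.5 base class library types are used.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Threading;

// Constructed stand-in for one row of a hypothetical Users table.
class UserRecord
{
    public string UserName; public byte[] Salt, PasswordHash; public string[] Roles;
}

static class LocalAuth
{
    const int Iterations = 100000; // assumed work factor; tune for the slowest deployment PC

    // Store a salted PBKDF2 hash, never the password itself.
    public static byte[] Hash(string password, byte[] salt)
    {
        // Rfc2898DeriveBytes is not IDisposable before .NET 4.0, so no using block.
        return new Rfc2898DeriveBytes(password, salt, Iterations).GetBytes(20);
    }

    // Returns an IPrincipal carrying the stored roles, or null if the password is wrong.
    public static IPrincipal SignIn(UserRecord user, string password)
    {
        byte[] candidate = Hash(password, user.Salt);
        int diff = candidate.Length ^ user.PasswordHash.Length;
        for (int i = 0; i < candidate.Length && i < user.PasswordHash.Length; i++)
            diff |= candidate[i] ^ user.PasswordHash[i]; // no early exit on first mismatch
        if (diff != 0) return null;
        return new GenericPrincipal(new GenericIdentity(user.UserName, "AppDatabase"), user.Roles);
    }
}

static class Program
{
    static void Main()
    {
        byte[] salt = new byte[16];
        new RNGCryptoServiceProvider().GetBytes(salt);
        UserRecord row = new UserRecord { UserName = "jsmith", Salt = salt, // constructed sample
            PasswordHash = LocalAuth.Hash("correct horse", salt), Roles = new[] { "Operator" } };

        Console.WriteLine(LocalAuth.SignIn(row, "wrong guess") == null);
        IPrincipal user = LocalAuth.SignIn(row, "correct horse");
        Thread.CurrentPrincipal = user; // role-based checks on this thread now see this user
        Console.WriteLine(user.IsInRole("Operator") + " " + user.IsInRole("Supervisor"));
    }
}
```

The same principal object is what a role-based authorization provider would be handed; on domain-joined installations a `WindowsPrincipal` can fill the same `IPrincipal` slot without changing the role checks.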