MarimerLLC / cslaforum

Discussion forum for CSLA .NET
https://cslanet.com

Windows or Custom Authentication #435

Open CrossSlide opened 6 years ago

CrossSlide commented 6 years ago

Hi, I’m just starting with CSLA4 and WPF. I want my users to be able to use my application without a login step, they’ve already logged into Windows. But, I want to use roles I manage in a SQL table. How do I do this? Do I use Windows authentication or will I need to use Custom authentication? Thanks!

jonnybee commented 6 years ago

If you have another Roles store than Windows roles you must use Custom authentication.

CrossSlide commented 6 years ago

So does that mean my users must go through a login step for my application?

jonnybee commented 6 years ago

Not necessarily - you can read values from the WindowsPrincipal (ex: current username) or you can also read username from Environment.UserName but you must then create a custom principal to load Roles from your own role store.

CrossSlide commented 6 years ago

Ok, I'll see if I can figure it out. Thanks!

hurcane commented 6 years ago

You can log users in automatically without making them go through a dialog. Our main project is tied to domain users, but uses a custom principal. We have a table that contains user-specific information that is keyed by the account name.

Our custom principal takes a WindowsPrincipal as a criteria for the Login method. We call that method automatically at the start of the application. Within the method, we load the roles through a standard CSLA mechanism, using the property from the WindowsPrincipal that matches the key in the database table.

CrossSlide commented 6 years ago

Thanks hurcane! I think I see what you mean. I'm just trying to get over the initial learning hump. ;-)

Chicagoan2016 commented 6 years ago

@hurcane, that's an interesting solution, I would like to see some sample code if possible. Thanks

CrossSlide commented 6 years ago

@Chicagoan2016, What I'm doing is having my application get the WindowsIdentity.GetCurrent(false).Name on startup. Then I use Custom Authentication as described by passing the Name but not a Password.
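The approach described in the comments above, as an added example that is not part of the thread and not CSLA's own code: it takes the account name from the authenticated Windows logon token, loads roles from an application-managed store, and fails closed when the account is not registered. `IRoleStore`, `SampleRoleStore` and `SilentLogin` are hypothetical names, the store is an in-memory stand-in for the SQL table, and plain .NET `GenericPrincipal` is used in place of a CSLA custom principal.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Threading;

// Hypothetical role store; in the thread this is a SQL table keyed by account name.
public interface IRoleStore
{
    string[] GetRoles(string accountName); // null when the account has no row
}

// Constructed in-memory stand-in for the SQL table so the sample runs offline.
public sealed class SampleRoleStore : IRoleStore
{
    private readonly Dictionary<string, string[]> _rows =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase);
    public SampleRoleStore(string account, params string[] roles) { _rows[account] = roles; }
    public string[] GetRoles(string accountName)
    {
        string[] roles;
        return _rows.TryGetValue(accountName, out roles) ? roles : null;
    }
}

public static class SilentLogin
{
    // Builds a principal from the Windows logon token plus application-managed roles.
    public static IPrincipal Login(WindowsIdentity windowsUser, IRoleStore store)
    {
        // Trust only an authenticated, non-guest, non-anonymous logon token.
        if (windowsUser == null || !windowsUser.IsAuthenticated ||
            windowsUser.IsAnonymous || windowsUser.IsGuest)
            throw new UnauthorizedAccessException("No authenticated Windows user.");
        // Fail closed: an account without a row in the store gets no principal at all.
        string[] roles = store.GetRoles(windowsUser.Name);
        if (roles == null)
            throw new UnauthorizedAccessException("Account is not registered.");
        return new GenericPrincipal(new GenericIdentity(windowsUser.Name, "Windows"), roles);
    }

    public static void Main()
    {
        using (WindowsIdentity current = WindowsIdentity.GetCurrent(false))
        {
            // Constructed sample row: the current account is given the "Editor" role.
            Thread.CurrentPrincipal = Login(current, new SampleRoleStore(current.Name, "Editor"));
            Console.WriteLine(Thread.CurrentPrincipal.IsInRole("Editor")); // role check
        }
    }
}
```

Because no password is checked, the role lookup is the only gate: the name must come from the logon token rather than from user-editable input, and the role table needs the same write protection as a credential store.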

Chicagoan2016 commented 6 years ago

Thanks @CrossSlide, I wonder if we could accomplish the same in a web application.

CrossSlide commented 6 years ago

@Chicagoan2016, not sure on that one.

ghost commented 6 years ago

@Chicagoan2016 I haven't done Windows authentication with a web application but I have done ADFS and from what I recall, I did not have to use a custom identity. I did have to work with our Active Directory team to configure the security token service (sts) and get the right claims coming back from AD. My use case was very limited though so it did not have to get complex. I just didn't want to have to deal with user management on my side.

I also have a custom principal/identity for another application with authentication going to a web service and user/role store information within the application using aspnet membership.

If you are doing anything new, you should try to avoid that and use Identity 2 with claims instead or throw it over the fence at an identity service.

jonnybee commented 6 years ago

Web applications and custom roles are a different "beast".

In ASP.NET Identity 2 you can, as an alternative, override IdentityUser.GenerateUserIdentity and load roles from a custom Role store (e.g. a database, and merge them into the Roles from the ASP.NET Identity store).

You can also sign in a user without demanding a password in ASP.NET Identity 2, but you need a reliable source for the username.