Designing distributed application authentication and authorization approaches is a challenging task. Proper authentication and authorization design during the early design phases of your application development helps mitigate many of the top security risks. The following summarizes the information in this chapter:
Use the trusted subsystem resource access model to gain the benefits of database connection pooling.
If your application does not use Windows authentication, use .NET role checking to provide authorization. Validate credentials against a custom data store, retrieve the user's role list, and create a GenericPrincipal object. Associate it with the current Web request (HttpContext.User).
If your application uses Windows authentication and doesn’t use Enterprise Services, use .NET roles. Remember that for Windows authentication, .NET roles are Windows groups.
If your application uses Windows authentication and Enterprise Services, consider using Enterprise Services (COM+) roles.
For meaningful role-based authorization using Enterprise Services (COM+) roles, the original caller’s identity must flow to the Enterprise Services application. If the Enterprise Services application is called from an ASP.NET Web application, this means that the Web application must use Windows authentication and be configured for impersonation.
Annotate methods with the PrincipalPermission attribute to declaratively demand role membership. If the caller is not in the specified role, the method is not called and a security exception is thrown.
Call PrincipalPermission.Demand within method code (or use IPrincipal.IsInRole) for fine-grained authorization decisions.
Consider implementing a custom IPrincipal object to gain additional role-checking semantics.
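The non-Windows-authentication pattern above, combined with the declarative and imperative role checks, as one added example that is not code from the original guidance: a Global.asax handler that attaches a GenericPrincipal carrying roles from a custom store, a method guarded by a PrincipalPermission attribute, and a method that demands a role imperatively only when the caller is not the record's owner. LookupRoles, PayrollService, and the role and user names are assumptions.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Web;

// Global.asax.cs: runs after the Forms authentication module has validated
// the ticket and set Context.User to a principal with an identity but no roles.
public class Global : HttpApplication
{
    // Stand-in for the custom role store (constructed data). A real lookup
    // would query the application's database and cache the result.
    private static string[] LookupRoles(string userName)
    {
        return userName == "alice" ? new[] { "Manager", "Employee" }
                                   : new[] { "Employee" };
    }

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        if (Context.User == null || !Context.User.Identity.IsAuthenticated)
            return; // anonymous request: keep the default principal

        // Replace the role-less principal with one that carries the user's
        // roles; ASP.NET also copies it to Thread.CurrentPrincipal, which is
        // what PrincipalPermission checks are evaluated against.
        string[] roles = LookupRoles(Context.User.Identity.Name);
        Context.User = new GenericPrincipal(Context.User.Identity, roles);
    }
}

public class PayrollService
{
    // Declarative check: the runtime throws SecurityException before the
    // method body runs unless the current principal is in the Manager role.
    [PrincipalPermission(SecurityAction.Demand, Role = "Manager")]
    public void ApproveBonus(int employeeId) { /* business logic */ }

    // Imperative check: the decision depends on data known only at run time.
    public void ViewRecord(int employeeId, string ownerName)
    {
        IPrincipal user = HttpContext.Current.User;
        if (user.Identity.Name == ownerName)
            return; // an employee may always view their own record

        // Everyone else must hold the HR role; Demand throws SecurityException
        // when the check fails, so callers never reach the record otherwise.
        new PrincipalPermission(null, "HR").Demand();
    }
}
```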