I was demonstrating my WPF application to a customer and he asked me if I have LDAP support or can integrate with Active Directory (AD).

My application has its own in-built user security and data access security. I use my security framework to authenticate and give rights on screen and data access. The client asked me if I could add or integrate with Active Directory. He needs the user to just remember his Windows password and not that of my application.

I could implement Active Directory logic, but then I have to modify my application to associate an Active Directory user with my application's users, so that when the AD user logs in he is authenticated and associated as my local user, since the local user needs to be associated with his security and data access settings. Is this the way to go?

I will be using .NET 3.5 classes for this, etc. This would mean the administrator of my application should go to the user screen and associate the local user with the LDAP user as well?

+2  A: 

No, I don't think what you are proposing sounds like the right thing to do.

Rather, you should base security on a pluggable architecture (e.g. IPrincipal), and then have some way your application can be configured to use either your own security framework or simply WindowsPrincipal (that derives from IPrincipal):

You could, for example, have a configuration setting that specifies which security provider to use. If configured to use your own system, it's going to ask the user for credentials and populate Thread.CurrentPrincipal with an instance that is based on your system.

If configured to use AD, it's just silently going to set Thread.CurrentPrincipal to WindowsIdentity.GetCurrent() (wrapped in a WindowsPrincipal).

Take a look at how ASP.NET or WCF deals with security - that's basically what they do.

Mark Seemann
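One way to realise the pluggable design described in this answer, as an added example that is not code from the question or the answer. It targets .NET 3.5 and C# 3; the names ISecurityProvider, WindowsSecurityProvider, CustomSecurityProvider, SecurityBootstrapper and the "SecurityProvider" appSettings key are assumptions made for illustration. The credential check and the login prompt are injected as delegates so the sample runs without a real user store or a WPF window.

```csharp
// Added example (not from the original post): pluggable IPrincipal-based
// security for .NET 3.5. Type names and the "SecurityProvider" config key
// are assumptions for illustration.
using System;
using System.Configuration;
using System.Net;
using System.Security.Principal;
using System.Threading;

namespace PluggableSecurityDemo
{
    // The only security abstraction the rest of the application depends on.
    public interface ISecurityProvider
    {
        // Returns the authenticated principal, or null when authentication fails.
        IPrincipal Authenticate();
    }

    // AD integration: no prompt, because Windows already authenticated the user.
    public sealed class WindowsSecurityProvider : ISecurityProvider
    {
        public IPrincipal Authenticate()
        {
            return new WindowsPrincipal(WindowsIdentity.GetCurrent());
        }
    }

    // Adapter for the application's own security framework. The prompt (e.g. a
    // WPF login window) and the credential check are injected so this class
    // stays independent of both the UI and the user store.
    public sealed class CustomSecurityProvider : ISecurityProvider
    {
        private readonly Func<NetworkCredential> _prompt;          // null => user cancelled
        private readonly Func<string, string, string[]> _verify;   // roles, or null if rejected

        public CustomSecurityProvider(Func<NetworkCredential> prompt,
                                      Func<string, string, string[]> verify)
        {
            _prompt = prompt;
            _verify = verify;
        }

        public IPrincipal Authenticate()
        {
            NetworkCredential cred = _prompt();
            if (cred == null) return null;                        // dialog cancelled
            string[] roles = _verify(cred.UserName, cred.Password);
            if (roles == null) return null;                       // bad credentials
            return new GenericPrincipal(new GenericIdentity(cred.UserName, "Custom"), roles);
        }
    }

    public static class SecurityBootstrapper
    {
        // Picks the provider from <appSettings><add key="SecurityProvider" value="Windows"/>.
        public static ISecurityProvider FromConfiguration(Func<NetworkCredential> prompt,
                                                          Func<string, string, string[]> verify)
        {
            string mode = ConfigurationManager.AppSettings["SecurityProvider"] ?? "Custom";
            switch (mode.ToUpperInvariant())
            {
                case "WINDOWS": return new WindowsSecurityProvider();
                case "CUSTOM":  return new CustomSecurityProvider(prompt, verify);
                default: throw new ConfigurationErrorsException("Unknown SecurityProvider: " + mode);
            }
        }

        // Runs the chosen provider once at startup and publishes the result so that
        // IsInRole checks anywhere in the application see the same principal.
        public static bool SignIn(ISecurityProvider provider)
        {
            IPrincipal principal = provider.Authenticate();
            if (principal == null) return false;
            Thread.CurrentPrincipal = principal;                    // the UI thread
            AppDomain.CurrentDomain.SetThreadPrincipal(principal);  // threads created later
            return true;
        }
    }

    internal static class Program
    {
        private static void Main()
        {
            // Constructed stand-ins for the login dialog and the user store.
            ISecurityProvider provider = SecurityBootstrapper.FromConfiguration(
                () => new NetworkCredential("alice", "demo-password"),
                (user, pwd) => user == "alice" && pwd == "demo-password"
                                   ? new[] { "OrderApprovers" } : null);

            if (!SecurityBootstrapper.SignIn(provider))
            {
                Console.WriteLine("Authentication failed.");
                return;
            }

            IPrincipal p = Thread.CurrentPrincipal;
            Console.WriteLine("Signed in as {0} via {1}", p.Identity.Name, p.Identity.AuthenticationType);
            Console.WriteLine("May approve orders: {0}", p.IsInRole("OrderApprovers"));
        }
    }
}
```

Two points worth knowing before wiring this into a real application. First, `WindowsPrincipal.IsInRole` resolves Windows group names (such as `DOMAIN\OrderApprovers`), so under the AD provider the application's role names have to be mapped to group names in configuration rather than compared literally; the `GenericPrincipal` path compares the strings as-is. Second, `AppDomain.SetThreadPrincipal` may only be called once per AppDomain and throws if a default principal has already been set, so call `SignIn` exactly once at startup, before any background work is started.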
+1 for the pluggable architecture! That's the way to go to remain flexible.
marc_s
Actually, the security framework I developed is pluggable and is AOP. So what is the advantage if I inherit from IPrincipal? I already have my interfaces (frameworked).
abmv
@abmv: IPrincipal is just the standard way of modeling a lot of security concerns in .NET, so if you adopt it, you will get a lot of other things essentially for free - for example AD integration, which is simply provided out of the box by WindowsPrincipal.
Mark Seemann
OK, that is good.
abmv
Well, code-wise I may have to make some changes as I mentioned above, since without association how can I do it? Architecture-wise, OK, I can do it.
abmv