I have an application that needs to hit Active Directory to get user permissions/roles on startup of the app, and persist them throughout.

I don't want to hit AD on every form to recheck the user's permissions, so I'd like the user's role and possibly other data on the logged-in user to be globally available on any form within the application, so I can properly hide functionality, buttons, etc. where necessary.

Something like:

if (UserProperties.Role == Roles.Admin)
{
    btnDelete.Visible = false;
}

What are the best practices for storing static user data in a Windows app? Solutions such as a Singleton or global variables may work, but I was trying to avoid these.

Is a User object that gets passed around to each form's constructor just as bad?

A: 

You can use the Profile provider from ASP.NET in your Windows app. Check it out @ http://fredrik.nsquared2.com/viewpost.aspx?PostID=244&showfeedback=true

Hope it helps, Bruno Figueiredo http://www.brunofigueiredo.com

Bruno Shine
+2  A: 

Maybe my judgement is clouded by my frequent use of JavaScript, but I think that if you have something that is meant to be global, then using global variables is okay.

Global is bad when you are exposing things globally that shouldn't be. Global is okay if it is semantically correct for the intended use of the data.

Geoff
+5  A: 

Set Thread.CurrentPrincipal with either the WindowsPrincipal, a GenericPrincipal or your custom principal. Then, you can just call IsInRole:

if (Thread.CurrentPrincipal.IsInRole(Roles.Admin)) {
   btnDelete.Visible = false;
}

Mark Brackett
+1  A: 

Static data (or a singleton) seems fine for this if you want to scope the data to the application instance (or AppDomain).

However, given that you're talking about in effect caching a user's security credentials, you may want to carefully think about security loopholes. For example, what happens if the user leaves the application running for days? They could be performing operations under their days-old credentials rather than their most current credentials. Depending on what you're securing you might be better off checking credentials on demand or at least expiring the cached credentials periodically.

C. Dragon 76
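
The two suggestions above, setting Thread.CurrentPrincipal and expiring the cached roles periodically, can be combined in one custom principal. The following is an added example, not code from any of the posters: the `ExpiringPrincipal` class, the role-loading delegate, the 200 ms lifetime and the `CONTOSO\jdoe` name are hypothetical, and the in-memory array stands in for the real directory query.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

// Added example: an IPrincipal that reloads its roles once they are older than a TTL.
sealed class ExpiringPrincipal : IPrincipal
{
    private readonly Func<string, string[]> _loadRoles; // hypothetical directory lookup
    private readonly TimeSpan _ttl;
    private readonly object _gate = new object();
    private GenericPrincipal _inner;
    private DateTime _loadedUtc = DateTime.MinValue;

    public ExpiringPrincipal(IIdentity identity, Func<string, string[]> loadRoles, TimeSpan ttl)
    {
        Identity = identity;
        _loadRoles = loadRoles;
        _ttl = ttl;
    }
    public IIdentity Identity { get; }
    public bool IsInRole(string role)
    {
        lock (_gate)
        {
            // Re-query only when the cached roles have expired. If the loader
            // throws, the exception propagates and the check fails closed.
            if (_inner == null || DateTime.UtcNow - _loadedUtc >= _ttl)
            {
                _inner = new GenericPrincipal(Identity, _loadRoles(Identity.Name));
                _loadedUtc = DateTime.UtcNow;
            }
            return _inner.IsInRole(role);
        }
    }
}

static class Program
{
    static void Main()
    {
        // Constructed stand-in for the AD query; replace with the real lookup.
        string[] rolesInDirectory = { "Admin" };
        var user = new GenericIdentity("CONTOSO\\jdoe"); // constructed sample name
        Thread.CurrentPrincipal = new ExpiringPrincipal(
            user, _ => rolesInDirectory, TimeSpan.FromMilliseconds(200));
        Console.WriteLine(Thread.CurrentPrincipal.IsInRole("Admin")); // loaded on first use
        rolesInDirectory = new string[0];   // role revoked in the directory
        Console.WriteLine(Thread.CurrentPrincipal.IsInRole("Admin")); // answered from cache
        Thread.Sleep(250);                  // wait past the TTL
        Console.WriteLine(Thread.CurrentPrincipal.IsInRole("Admin")); // roles reloaded first
    }
}
```

Forms keep calling `Thread.CurrentPrincipal.IsInRole(...)` as in the answer above; in a real application the lifetime would be minutes or hours, chosen by how quickly a revoked role must take effect.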