Windows login application

[bhushan1980]

Hi,
I have a requirement to create a windows application, that accepts user name and password as the user's credentials. However, I have different user groups and for users in each user group I am presenting a different form. However, only one user has to login on the only instance of that application running on that machine. So in any case, only one form will be run during the application life time for the user group selected. In web applications, we can set up our authentication and authorization in web.config and / or database. But how is it done in windows application, I have no clue. So please if any one knows anything on providing an windows application that checks for the login credentials and the user group (role) and navigates to different forms based on that info, please let me know. Any notes, tutorials and / or links are highly appreciated...
Thanks,
Bhushan

[Arjay]

A couple of articles to get you started.

http://msdn.microsoft.com/en-us/library/ftx85f8x.aspx

http://msdn.microsoft.com/en-us/library/52kd59t0.aspx

http://blogs.microsoft.co.il/blogs/a...and-Tasks.aspx

http://www.codeproject.com/KB/securi...nServices.aspx

[bhushan1980]

Got caught up with something...I will read those articles and get back to you. Thanks for those. To ellaborate further, I am developing a software where the client wants this kind of functionality with multiple user groups. Only after reading the articles, I will have some idea on how to implement those.
Bhushan

[Arjay]

This might be getting a bit ahead of the game, but I'm not entirely happy with the default membership/role database that is used in all of these samples. This database gets created when you run the aspnet_regsql.exe tool.

I don't find the database role provider flexible enough, because the roles define the 'role' of a user like "Manager_role", "Employee_role" and so on. Users are then mapped into specific roles. When you code up functionality, you check for access with IsUserInRole( "user", "Manager_role" ).

That's all fine, you got several places in your code that checks for these specific roles and in some cases checks for multiple roles.

Where this breaks down is when you want to change the types of operations that each role provides. Say I want to the employees access to an operation that a manager has. Or say I want to introduce a new role, like "Lead_role". This results in a code change and much testing to make sure the new role was added in all the right places.

Instead I prefer to think of the Windows security model. Where there's Users, groups, and rights or permissions. In Windows, the rights are pretty much static, but new groups can be created, users assigned to the groups, and groups and users can be assigned different rights. We often think of users being part of the group (like the administrators group), but these groups are nothing more than containers of rights.

I liked that model, so I modified the aspnet db to provide that functionality and wrote a couple of membership and role providers to use the new functionality.

Since the role provider only knows about roles, I couldn't rename 'roles' to something like 'rights'. Even though I couldn't rename it, it doesn't mean that conceptually I couldn't treat a role as a right in my code. And code to finer grained operations like IsUserInRole( "PII_View_right" ) or IsUserInRole( "Employee_Add_right" ).

Since an application might potentially end up with 100's of 'roles', it wouldn't be very convenient to have to assign the appropriate roles to each and every user in the system. For this reason, I modified the aspnet db and added a groups table. The groups table now takes on the what formerly was the Role. Now users would be assigned to the "ManagerGroup" (rather than having a "Manager_role").

Groups include Roles and users are included in groups (roles can also be assigned directly to users). When the role provider asks the db for a list of roles a user is assigned, the db simple walks though the list of groups the user is a member of, builds a list of unique roles in the groups, and then appends any roles assigned to the users directly.

It's really a fairly trivial change but it allows me to manipulate the operations the user can perform by copying or moving rights (i.e. roles) in or out of groups. Users can be added to more than one group as well. The beauty of this approach is that all of this can be managed externally so the app doesn't need any code changes.

That all being said, you might find the what the aspnet db provides is just fine. I didn't so, I just thought to share this alternative.