
Tuesday, July 8, 2008

Video: How Do I: Create a Generic Principal for Role Based Security?

Presenter: Todd Miranda

Join Todd Miranda as he shows you how to make and utilize a Generic Principal. Use the GenericPrincipal class to create an authorization scheme that exists independent of a Windows NT or Windows 2000 domain, or use your own custom role scheme.

The following text is a software generated transcript of the video.



Minute 0


Hello, I'm Todd Miranda. In this video I'll demonstrate how to create a generic principal and then use it for role-based security. Let's begin with Visual Studio 2008; you can use Visual Studio 2005 with this, that will be fine, and we'll name it appropriately. All right, so create a dual-purpose form just for this demonstration. So let's create a text box, we'll need a label, and only a couple of buttons. All right, so add buttons, and our first label, text box, and the text box and our second label. And so this label will be


Minute 1


User, this label will be Password, and this text box we'll call text user, and we'll call this text pass. All right, so this button will be our login button and this button will be our test user button. Open list your event handlers for buttons and whosoever layout. All right, so the reason for doing this is that most times, if you would create a generic principal, a lot of that is because you want to handle your own


Minute 2


Authentication, your own login, and if you really usually want to be tied to the Windows system to provide that principal and identity information for you. So that forwarded to demonstration this way, as far as looking at taking the user's login and doing some things with that. So the first thing to do is to validate our user against some store, where the store in our case is stored in the hardcoded string. So we'll say if text user text equals, say, Todd, and actually we'll just change that to a more generic user, and text pass text equals pass. All right, and that user can be authenticated. So the first


Minute 3


We need to do is we want to create our generic principal and then we will attach the principal to the currently running thread. So to do that we're going to need a few other namespaces up here to access, so we'll say using System.Threading, because we want to access the thread, and using System.Security.Principal, because we're going to be creating a generic principal. All right, so we're going to create a GenericIdentity: user identity equals new GenericIdentity, and this is going to be the text user text, as this is the name of the user that we want to create the identity for. Then we'll create some roles. Now in a case like this


Minute 4


You might make a query in the database, pass in the username and password, or pass in a username and a hashed password, check against the database, and return the roles that user belongs to. So that way you can carry the roles around with you; you have to hit the data store for your roles anymore. So that would be an example of why we would do something like this. Original string array, and we'll call this role string array, and this can be equal to our array, and we'll call this, say, manager, engineer; that should be fine. All right, now we're going to create a GenericPrincipal: user principal equals


Minute 5


New GenericPrincipal, and pass in the user identity, or the identity to be created, and the roles, so role string array. So now we've created our identity, we've gotten our roles, and we've created our new principal object. Now we need to be able to use this later on in the application, so we need to attach it to the current thread. So we do that by saying Thread.CurrentPrincipal equals user principal, and we're ready to go. So now the person has logged in, we've created this user principal, we've added it to the current thread; now we can use that principal later on down the road to do any kind of role-based checking. So let's do some role-based checking. Let's say there


Minute 6


The first thing to do is grab the principal out of the thread. So we've got GenericPrincipal, we'll call this current principal, equals, and we're going to grab the current principal of the thread, but that returns an IPrincipal, so we want to cast this to GenericPrincipal, and we're set. So our current principal is grabbed right back out of the thread. Let's do some tests. The first thing we'll do, we want to say if current principal Identity.IsAuthenticated, and we'll do something, else we'll do something else. All right, let's go back to our form, and maybe we'll move our button down and we'll add another label so we can write out some messages.


Minute 7


So with this label here, this will be called label message. So if they are authenticated, we'll check one other thing; if they're not, we'll say label message text: you are not authenticated, or we will just say, please log in. All right, so now if they are authenticated, we want to see if they're in the correct role to perform this particular function. So we'll say if, and our current principal, we'll use the IsInRole function, and we're going to pass it a string role, so here we'll do engineer.


Minute 8


Label message text equals: you are an engineer; label message text, if not, we'll say you don't belong here. All right, I realize we attach you that some voice to that in a voice to your blog or a refund by season we don't grab a purposeful back out of the thread particularly sure if the user is authenticated, and then we check to see what role they're in. So let's build this, see if we forgot anything. That's true and is defined on a method is just a Boolean property.


Minute 9


So build; all right, build succeeded. Let's run it. All right, so first we need to log in. Let's say we don't log in, and we click the test user, and obviously what happened was we came into our routine down here, and we were not authenticated, because whatever principal is in the current thread is not authenticated. So we log in. So let's log in with our user, and we know that the password we set was pass, and less processor to explore a press for block. So let's log in. All right, now that should have created our principal for us and allowed us to be in these two roles, manager and engineer. Now if we click test user: you are an engineer. Great. Still as close as I'll


Minute 10


And let's change the role that we're looking for to tester, and run it. So now we log in, user, pass, log in to create our principal, and now we'll test: you don't belong here, because we're not part of the tester role, as it was not one of the roles that we added to our user's principal. Okay, so fairly straightforward to really create a generic principal and then be able to use that throughout your application to do role-based type security. Well, reality is, if you do this, you should at least also do some imperative and declarative security checks throughout the application, but this is a good way to handle role-based security, especially in a situation where you may or may not necessarily know the roles up front that you want to check for, so it's more of a dynamic scenario. But


Minute 11


If you want to know more and find out more resources on secure development, visit www.hellosecureworld.com
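
The flow walked through in the transcript, written out as an added C# example; it is not code from the video or from this post. It also shows the declarative and imperative checks the presenter recommends at the end. It assumes .NET Framework, where `PrincipalPermission` demands are enforced, and the names `GenericPrincipalDemo`, `Validate`, `Login`, `TestUser` and `ManagerOnly` are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class GenericPrincipalDemo
{
    // Constructed stand-in for a credential store; the video hardcodes user/pass too.
    static bool Validate(string user, string pass) => user == "user" && pass == "pass";

    static bool Login(string user, string pass)
    {
        if (!Validate(user, pass)) return false;
        var identity = new GenericIdentity(user);
        string[] roles = { "manager", "engineer" };   // would be returned by the data store
        Thread.CurrentPrincipal = new GenericPrincipal(identity, roles);
        return true;
    }

    // The check from the video, without assuming the concrete principal type.
    static string TestUser(string role)
    {
        IPrincipal current = Thread.CurrentPrincipal;
        if (current == null || !current.Identity.IsAuthenticated) return "Please log in";
        return current.IsInRole(role) ? "You are in role " + role : "You don't belong here";
    }

    // Declarative check: the runtime demands the role before the method body runs.
    [PrincipalPermission(SecurityAction.Demand, Role = "manager")]
    static void ManagerOnly() => Console.WriteLine("manager-only code ran");

    static void Main()
    {
        Console.WriteLine(TestUser("engineer"));   // nobody has logged in yet
        Login("user", "pass");
        Console.WriteLine(TestUser("engineer"));
        Console.WriteLine(TestUser("tester"));
        ManagerOnly();
        try
        {
            // Imperative check: throws SecurityException when the role is missing.
            new PrincipalPermission(null, "tester").Demand();
        }
        catch (SecurityException)
        {
            Console.WriteLine("tester demand refused");
        }
    }
}
```

Reading the principal as `IPrincipal` with a null check avoids an invalid cast when the thread carries a `WindowsPrincipal` or no principal at all.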
