Tuesday, July 8, 2008

Video: How Do I: Create a Windows Principal for Role Based Security?

Presenter: Todd Miranda

Use the WindowsPrincipal class to create an authorization scheme that ties into a Windows NT or Windows 2000 domain. Todd Miranda demonstrates how to create and use a Windows Principal.

The following text is a software generated transcript of the video.



Minute 0


Hello, this is Todd Miranda. In this video I'll demonstrate how to create and use a Windows principal. So let's begin in Visual Studio. We'll use Visual Studio 2008; you can use Visual Studio 2005 and/or target the .NET Framework 2.0. There is really nothing specific in here to 2008 or to any later version of the framework. Right, so we'll open a project, and we're creating a simple form. We don't need a lot here, so add a button, and we'll add a label. Right, for a label ago there were but a purveyor of button will say "Check if Administrator", and our labels


Minute 1


Will be fun like that for sure place the text or label. We'll name our label "label message". Right, so let's get our click event for the button. bill many of these but we organize me to add a using System.Threading, so we're ready to access the threads, and then System.Security.Principal, obviously, since we're dealing with the principal, in this case the Windows principal. Okay, so if you're unfamiliar with, or you're confused by, the division of principal and identity, one way to think of it would be to look at the identity as being the user in Windows. To some degree the user contains information about that user, so we could do identity.Name to get the name of the currently logged-in user.


Minute 2


On the other hand, a principal is kind of like, to some degree, groups. So you've got a user that belongs to a group; the group implies, typically implies, a certain level of authorization or certain roles or membership that that user has. So a principal has an Identity property, and they work together to give you both pieces of the puzzle, but we deal with a principal in order to check for a sense of our roles and level of permissions for a particular user. Right, so let's go ahead and jump in by creating our principal, and we do that by starting with the WindowsIdentity: userIdentity equals WindowsIdentity.GetCurrent, as we want the currently logged-in user, or the currently logged-in identity. Then we'll say


Minute 3


WindowsPrincipal userPrincipal equals new WindowsPrincipal, and we pass in the identity that we just got. Okay, that's pretty much it; at that point we have a Windows principal. So let's take a look at how we would use this principal. Once we have a principal, now we've got access to the roles the person belongs to, the roles the person is currently playing. So let's just do something like this: if userPrincipal.IsInRole, and there's two different ways we do this. We'll look at the string way first. Actually, obviously, let's go with a built-in, and we'll look at the administrators.


Minute 4


Right, so to check to see if the, on the user principal, IsInRole, and the role we're looking for is the built-in administrator. Right, so, else. And we'll come in here and we'll do label message Text equals "You are an administrator"; label message Text, "You are not an administrator". Right, so by using this IsInRole function and passing in the role we want to check, we can then determine whether the user is in a particular role or not.


Minute 5


So let's build this and see if we forgot anything. Right, build succeeded, so let's run it and correct solos for particular destroyer as as you are not an administrator. All right, great, so let's close that. A little trickier: I'm going to actually go into the output directory where we created the file, and I'm going to run this manually from here, but I'm going to do it "Run as administrator". So this is going to allow me to run the application under the context, or within the security role, of an administrator. So yes I'll I'll I'll. So now our application, we're now running under the guise of, the context of, the administrator's role; our role now is considered administrator. So now it says you are an administrator.


Minute 6


Okay, so that's how we use the Windows principal to check what role they're in; that would be a good way to do it in an application. So one additional note nausea to note was lifted away with him do this: instead of using a string, one of the things we can pass here is, there is this WindowsBuiltInRole enumeration, and we can do WindowsBuiltInRole.Administrator, signifying the same exact thing. Just whether you will use the string version, or if you're using a built-in role, you can use this WindowsBuiltInRole enumeration. So one note on the way we created this principal, though: this way of creating a Windows principal is great if you're just going to, maybe upon logging in or when your application first runs, check the roles of users; this is an okay way to do that.


Minute 7


However, if you do use this role mechanism throughout your application in multiple places, then you want a different way to create the principal that is just a little bit more performant, more efficient. So we're looking at a different way to create the principal. Right, and again, this way here is perfectly fine if you've got to do this once or twice; say you do it when the application starts up and write vinegar set about to settings and be done with it the rest of the application. But if you're going with the application in a similar form a Sunday do some action here to check the role before you complete the action, and you're going to do this multiple times, then there's a more efficient way to grab the principal, and I want to show you. Right, so what we'll do first is, we're going to look at the application domain, so this is the application domain the application's running in, and yes, we want CurrentDomain, and we're going to set


Minute 8


the principal policy. What this does is set the way that principals and identities work with threads. Right, so what we'll say is, we'll use an enumeration, PrincipalPolicy.WindowsPrincipal, so we tell it that, you know, by default, the typical way that we want a thread to grab and use the identity and principal is to use the Windows principal. Right, once we've done that, then we can come in here and do it differently: we'll say userPrincipal equals, cast to a WindowsPrincipal, Thread.CurrentPrincipal. So we set the principal policy for the threads in the current application domain to use the Windows principal, then we access the thread, the current


Minute 9


thread, by using CurrentPrincipal on the thread to grab the principal out of the current running thread. Note it returns an IPrincipal, so we do need to cast it to WindowsPrincipal. Right, that is it. So, you know, not terribly much more complicated than this method; in fact, it's really not a whole lot more code at all, and it works exactly the same way. So let's run it, and we should check: you are not an administrator. Let's open up the folder again to run this as administrator gets awhile and quicker but again, and you are an administrator. Okay, so that's how to create a Windows principal and use that to be able to enable role-based security in your application, based on Windows and the currently logged-in user. You'll find more resources on


Minute 10


Secure developer visit www hellofsecureworld com
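
The two ways of obtaining the principal described in the transcript, side by side, as an added C# example that is not code from the video. The class and method names are assumptions, console output stands in for the form's label, and the SID-based check goes slightly beyond what the video shows.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

static class RoleCheckDemo   // hypothetical name, not from the video
{
    // Way 1: build the principal from the current Windows identity.
    // Suitable for a single check at startup or login.
    static WindowsPrincipal FromCurrentIdentity()
    {
        WindowsIdentity userIdentity = WindowsIdentity.GetCurrent();
        return new WindowsPrincipal(userIdentity);
    }

    // Way 2: once the AppDomain principal policy is set (see Main), read the
    // principal from the thread wherever a check is needed.
    // Thread.CurrentPrincipal is typed IPrincipal, hence the cast.
    static WindowsPrincipal FromThread()
    {
        return (WindowsPrincipal)Thread.CurrentPrincipal;
    }

    static bool IsAdministrator(WindowsPrincipal principal)
    {
        // Enumeration form; locale-independent.
        bool byEnum = principal.IsInRole(WindowsBuiltInRole.Administrator);
        // Equivalent check against the well-known Administrators group SID.
        var adminSid = new SecurityIdentifier(
            WellKnownSidType.BuiltinAdministratorsSid, null);
        bool bySid = principal.IsInRole(adminSid);
        // The string form, IsInRole(@"BUILTIN\Administrators"), depends on the
        // group's display name, which is localized on non-English Windows.
        return byEnum && bySid;
    }

    static void Main()
    {
        // Set the policy before the thread's principal is first read.
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);

        WindowsPrincipal direct = FromCurrentIdentity();
        WindowsPrincipal viaThread = FromThread();
        Console.WriteLine("User: " + direct.Identity.Name);

        // With UAC enabled, a member of Administrators running without
        // elevation holds a filtered token, so both checks report false
        // until the program is started with "Run as administrator".
        Console.WriteLine(IsAdministrator(direct)
            ? "You are an administrator" : "You are not an administrator");
        Console.WriteLine(IsAdministrator(viaThread)
            ? "You are an administrator" : "You are not an administrator");
    }
}
```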
