S
siddharthkhare
Hi All
Please see if some can help me in answering these. These questions are
on security application block.
1.is it correct that even when we are using security appliocation
block..creation of users is still done through provider mechanism
provided in asp.net. it is only that the role based security (and
caching) that scurity application block takes care of.
2. would it make sense to wrap this component in a web service so
that there is no need to install it on every client/consumer machine.
Any problem that you can get into by wrapping it into web service?..
such as since provider settings go in web.config of client
application..now ones you move it web service those settings will go
in web.config of the web service and assuming you have two consumers
making call to web service one using AD and other using sql...would it
work?
3.can i make roles applications specific so aplication A has roles
R1,R2 and applications B has roles R3 and R4. I am trying to make a
generic web service that can take applications name as input and serve
the authentication/autherization need of mutiple application. This web
service will internally use security application block.
4.when you run aspnet_regsql it creates certains tables to store user-
profile information in sql back end. now the tables it creates will
not have all the attributes/columns of user for a specific business
aplication...allmost always. so what is a recommended best practise in
this? should we store the other attributes of user in a seprate
aplications specific user table? if you do that should we be worrying
about transaction when inserting in aspnet_regsql created tables and
your applicatiom specific 'User' table? is it not a maintainance
problem becuase now you have make sure that two do not tget out of
sync etc.
Thanks
Siddharth
Please see if some can help me in answering these. These questions are
on security application block.
1.is it correct that even when we are using security appliocation
block..creation of users is still done through provider mechanism
provided in asp.net. it is only that the role based security (and
caching) that scurity application block takes care of.
2. would it make sense to wrap this component in a web service so
that there is no need to install it on every client/consumer machine.
Any problem that you can get into by wrapping it into web service?..
such as since provider settings go in web.config of client
application..now ones you move it web service those settings will go
in web.config of the web service and assuming you have two consumers
making call to web service one using AD and other using sql...would it
work?
3.can i make roles applications specific so aplication A has roles
R1,R2 and applications B has roles R3 and R4. I am trying to make a
generic web service that can take applications name as input and serve
the authentication/autherization need of mutiple application. This web
service will internally use security application block.
4.when you run aspnet_regsql it creates certains tables to store user-
profile information in sql back end. now the tables it creates will
not have all the attributes/columns of user for a specific business
aplication...allmost always. so what is a recommended best practise in
this? should we store the other attributes of user in a seprate
aplications specific user table? if you do that should we be worrying
about transaction when inserting in aspnet_regsql created tables and
your applicatiom specific 'User' table? is it not a maintainance
problem becuase now you have make sure that two do not tget out of
sync etc.
Thanks
Siddharth