Authentication and authorization with custom implementation of IPrincipal and IIdentity

  • Question

  • Hi there.


    I'm playing around a little with authentication which is going to be used in a smart client. Let's start with the authentication. To authenticate a user, an external package is used to call the server which verifies the user. I started to implement the authentication and authorization using IPrincipal and IIdentity. All went well until I discovered I can't call AppDomain.CurrentDomain.SetThreadPrincipal(..) more than once. Am I missing something or should I perhaps think of another approach to authentication/authorization? I know of Thread.CurrentPrincipal, but I want the whole application to be aware of the principal changes. I would like the user to be able to log out and log in as another user with other roles. I could probably make it work by making the principal object mutable, but it doesn't look like the correct way of doing things.


    Are there any other approaches to authentication/authorization than IPrincipal/IIdentity?


    Thanks in advance.


    Monday, October 13, 2008 2:55 PM
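
An added example, not part of the original post: one way to keep a single AppDomain-wide principal while still letting a user log out and log in as someone else, given that SetThreadPrincipal accepts only one call. The `SwitchablePrincipal` class and the sample users are hypothetical; each inner principal stays immutable and only the reference to it is swapped.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

// Hypothetical wrapper: installed once as the AppDomain default principal,
// it forwards every call to whichever immutable principal is current.
public sealed class SwitchablePrincipal : IPrincipal
{
    private static readonly IPrincipal Anonymous =
        new GenericPrincipal(new GenericIdentity(string.Empty), new string[0]);

    private volatile IPrincipal _inner = Anonymous;

    // Take one snapshot when a decision needs the name and the roles to match.
    public IPrincipal Snapshot { get { return _inner; } }
    public IIdentity Identity { get { return _inner.Identity; } }
    public bool IsInRole(string role) { return _inner.IsInRole(role); }

    // Swap the whole reference so no reader sees a new name with old roles.
    public void SignIn(IPrincipal authenticated)
    {
        if (authenticated == null) throw new ArgumentNullException("authenticated");
        _inner = authenticated;
    }

    public void SignOut() { _inner = Anonymous; }
}

public static class Program
{
    public static void Main()
    {
        // Install at startup, before any code reads Thread.CurrentPrincipal.
        var session = new SwitchablePrincipal();
        AppDomain.CurrentDomain.SetThreadPrincipal(session); // allowed once per AppDomain

        try { AppDomain.CurrentDomain.SetThreadPrincipal(session); }
        catch (SystemException e) // PolicyException on .NET Framework derives from it
        { Console.WriteLine("second call rejected: " + e.GetType().Name); }

        // Constructed sample users; a real client would build these from the server's reply.
        session.SignIn(new GenericPrincipal(new GenericIdentity("alice"), new[] { "Admin" }));
        Console.WriteLine(Thread.CurrentPrincipal.Identity.Name + " admin=" + Thread.CurrentPrincipal.IsInRole("Admin"));

        session.SignOut();
        session.SignIn(new GenericPrincipal(new GenericIdentity("bob"), new[] { "Reader" }));
        Console.WriteLine(Thread.CurrentPrincipal.Identity.Name + " admin=" + Thread.CurrentPrincipal.IsInRole("Admin"));
    }
}
```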