You need to establish a user security context that will be used for authorization checks such as IsInRole.

You are writing code for user authentication and authorization.
The username, password, and roles are stored in your application data store.
You need to establish a user security context that will be used for authorization checks such as IsInRole.
You write the following code segment to authorize the user.
if (!TestPassword(userName, password))
    throw new Exception("could not authenticate user");
String[] userRolesArray = LookupUserRoles(userName);

A.
GenericIdentity ident = new GenericIdentity(userName);
GenericPrincipal currentUser = new GenericPrincipal(ident, userRolesArray);
Thread.CurrentPrincipal = currentUser;

B.
WindowsIdentity ident = new WindowsIdentity(userName);
WindowsPrincipal currentUser = new WindowsPrincipal(ident);
Thread.CurrentPrincipal = currentUser;

C.
NTAccount userNTName = new NTAccount(userName);
GenericIdentity ident = new GenericIdentity(userNTName.Value);
GenericPrincipal currentUser = new GenericPrincipal(ident, userRolesArray);
Thread.CurrentPrincipal = currentUser;

D.
IntPtr token = IntPtr.Zero;
token = LogonUserUsingInterop(userName, encryptedPassword);
WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(token);

Explanation:
Because the application stores the credentials itself, the GenericIdentity and GenericPrincipal classes
should be used instead of the WindowsIdentity and WindowsPrincipal classes.
B uses WindowsIdentity and WindowsPrincipal.
C incorrectly uses NTAccount to initialise a GenericPrincipal. GenericPrincipal requires an implementation of IIdentity.
D uses WindowsIdentity.Impersonate(), which is for running code in the context of another user. Impersonation is not what is required.
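
The pattern the explanation describes, carried through to the IsInRole check, as an added example that is not part of the original question. It assumes .NET 6 or later; the in-memory Store, the PBKDF2 parameters, the "AppStore" authentication type and the sample user are constructed for illustration, and the TestPassword and LookupUserRoles bodies are one possible implementation of the helpers the question only names.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Threading;

static class Demo
{
    // Constructed in-memory stand-in for the application data store (assumption).
    record User(byte[] Salt, byte[] Hash, string[] Roles);
    static readonly Dictionary<string, User> Store = new();

    // Salted PBKDF2 hash; the store never holds the password itself.
    static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, 100_000, HashAlgorithmName.SHA256, 32);

    static void AddUser(string name, string password, params string[] roles)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        Store[name] = new User(salt, Derive(password, salt), roles);
    }

    // Constant-time comparison of the stored hash and the recomputed hash.
    static bool TestPassword(string userName, string password) =>
        Store.TryGetValue(userName, out var u) &&
        CryptographicOperations.FixedTimeEquals(u.Hash, Derive(password, u.Salt));

    static string[] LookupUserRoles(string userName) => Store[userName].Roles;

    static void SignIn(string userName, string password)
    {
        if (!TestPassword(userName, password))
            throw new UnauthorizedAccessException("could not authenticate user");
        // A GenericIdentity with a non-empty name reports IsAuthenticated == true,
        // so it is created only after the password check has passed.
        var ident = new GenericIdentity(userName, "AppStore");
        Thread.CurrentPrincipal = new GenericPrincipal(ident, LookupUserRoles(userName));
    }

    static void Main()
    {
        AddUser("alice", "constructed-sample-password", "Editors");
        SignIn("alice", "constructed-sample-password");
        IPrincipal p = Thread.CurrentPrincipal!;
        Console.WriteLine($"{p.Identity!.Name} authenticated={p.Identity.IsAuthenticated}");
        Console.WriteLine($"Editors={p.IsInRole("Editors")} Admins={p.IsInRole("Admins")}");
        try { SignIn("alice", "wrong"); }   // failed attempt leaves the principal as it was
        catch (UnauthorizedAccessException) { Console.WriteLine("rejected"); }
    }
}
```

No Windows account is involved at any point: the roles returned by IsInRole are exactly the strings loaded from the application store.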



mr_tienvu

I have the same idea. A