Coming from ASP.NET into WindowsForms app development, I was expecting to see similar controls to work with. To my surprise, I didn't see any security controls (login, user management, etc.).
Am I missing something, or would I have to implement my own security for the application (role-based security, user management, etc.)?
The application is for internal use (10-20 users), but security is very important due to sensitive data. (MSSQL Server 2005 is in the back end, .NET 3.5)
Any info would be appreciated.
I guess my question is "Is there an analog of ASP.NET's Membership provider in WinForms?"
After some Googling I found this article; I'll give that a try. Any other suggestions are appreciated.
Since you don't have an accepted answer and since I stumbled on this question researching another, I will endeavor to give you some pointers.
As has been pointed out, user management and role-based security in a win forms app is not something that will actually work client-side. In a web analogy, imagine trying to implement all of your security using only JavaScript and cookies, keeping no information on the server-side. It's insecure by default.
As has also been suggested, you can implement security on your database and have your users connect directly to the database from your win form. I would highly recommend that you do NOT pursue such a course. User management will become a nightmare. You need a middle tier.
What you should do is build a web service that implements role-based security (since you're familiar with it -- there are better authorization options out there) and has a custom authentication store. If you use WCF to build the web service, you can use the same RoleProvider and MembershipProvider classes that you're used to in ASP.NET.
That web service handles all of the business logic of your system and is responsible for connecting to the database. It provides a secure layer of abstraction and reduces the amount of database administration you need to do in order to manage your users. Your win forms app becomes a UI shell, responsible only for handling user interactions and up-front data validation (you should also validate at the middle tier) and nothing else.
Most times a Windows Forms application is used in an internal network with Windows Domain accounts.
In this case you should use "Integrated security" to connect to the database and test if the user is authenticated with:

    using System;
    using System.Security.Principal;

    // Identity of the Windows account the process is running under
    WindowsIdentity winIdentCurrent = WindowsIdentity.GetCurrent();
    if (winIdentCurrent != null)
    {
        Console.Write("WindowsIdentity.GetCurrent(): ");
        Console.WriteLine(winIdentCurrent.Name);
        Console.Write("WindowsIdentity.GetCurrent() IsAuthenticated: ");
        Console.WriteLine(winIdentCurrent.IsAuthenticated);
        // Everything is fine, trust Windows API :-)
    }

Otherwise, authenticate the user/pass via your own method (db call) AND set the Thread.CurrentPrincipal to your own Principal object.
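The fallback path described in the answer above, as an added example that is not part of the original post: verify the password against a stored salted hash, set `Thread.CurrentPrincipal` to a `GenericPrincipal`, then let a role demand protect an operation. The in-memory user record, the names `SignInFromStore` and `DeleteRecord`, the "AppDb" authentication type and the role names are assumptions made for illustration; the code targets .NET Framework.

```csharp
using System;
using System.Security;
using System.Security.Cryptography;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class Program
{
    // Constructed sample record; a real app would load salt, hash and roles via its db call.
    static readonly byte[] Salt = { 1, 2, 3, 4, 5, 6, 7, 8 };
    static readonly byte[] Hash = Derive("correct horse", Salt);
    static readonly string[] Roles = { "Clerk" };

    static byte[] Derive(string password, byte[] salt)
    {
        return new Rfc2898DeriveBytes(password, salt, 100000).GetBytes(32); // PBKDF2
    }

    // Compare every byte so timing does not reveal where the hashes differ.
    static bool SameBytes(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Hypothetical custom sign-in: on success the thread carries the user's roles.
    static bool SignInFromStore(string user, string password)
    {
        bool ok = SameBytes(Derive(password, Salt), Hash) & user == "alice";
        if (!ok) return false;
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user, "AppDb"), Roles);
        return true;
    }

    static void DeleteRecord()
    {
        // Throws SecurityException unless Thread.CurrentPrincipal is in the Admin role.
        new PrincipalPermission(null, "Admin").Demand();
        Console.WriteLine("record deleted");
    }

    static void Main()
    {
        Console.WriteLine("wrong password accepted: " + SignInFromStore("alice", "wrong"));
        Console.WriteLine("signed in: " + SignInFromStore("alice", "correct horse"));
        Console.WriteLine("is Clerk: " + Thread.CurrentPrincipal.IsInRole("Clerk"));
        try { DeleteRecord(); }
        catch (SecurityException) { Console.WriteLine("denied: Admin role required"); }
    }
}
```

These checks run inside the client process, so they only gate the UI; the database or middle tier still has to enforce the same roles. `Thread.CurrentPrincipal` is per thread, so worker threads need the principal assigned as well.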
Microsoft released Client Application Services to do exactly what I think you are looking for...
http://msdn.microsoft.com/en-us/library/bb384297.aspx is the official doc.
http://aspalliance.com/1595_Client_Application_Services__Part_1 is a nice tutorial (with screenshots etc.).