2

I have a WPF application and a SQL Server database with a Users table. Every user has its own row, including a hashed password and a role, in the Users table.

I need to let them authenticate in my application and keep some kind of credentials, including role. Based on that role, they will see only what they should see.

Can you give me some clue how to accomplish it? What is the best way to keep those credentials and hide parts of my application based on user's role?

Thanks for any help, JiKra


OK, I was thinking: how about using a singleton? The user authenticates, I grab his role from the database, instantiate a singleton, set his credentials and use them in my app. Is that correct? Is it the easiest way to do that? JiKra

8
  • Is this a two tier application where the WPF client talks directly to the database or a three tier application where the WPF client talks to webserver/service which talks to the database? Commented Feb 12, 2012 at 17:16
  • Examine the excellent multi-part series on ASP.NET Membership and Role subsystem - you can use it from WPF, too - no problem - and it's already there, it's available, it works and it's proven its value thousands of times over. Commented Feb 12, 2012 at 17:16
  • Jared: I use datasets to talk directly to the database. Commented Feb 12, 2012 at 17:31
  • marc: I can't imagine how to use ASP.NET Membership in WPF. To be clear, I'm a bit of a beginner, my app is really simple, and I need a quick and simple solution... Commented Feb 12, 2012 at 17:33
  • You should be aware that if you are talking directly to the database, you can essentially have no real security. This is because the application on the desktop will have to have the connection string somewhere, and an end user could always look at that connection string and manually access the database to view all users and their passwords. Commented Feb 12, 2012 at 17:39

1 Answer

1

The "functional model" as you call it can be based on the MembershipProvider/RoleProvider APIs. There's a tutorial video by Todd Miranda:

http://windowsclient.net/learn/video.aspx?v=293710

What the tutorial lacks is where you should store the information so that it's available for the other parts of the application. The answer is simple - since you have a stateful application, you can store the information in a shared (static) resource in a class.

Please also be aware of a potential security risk, I've added a comment under your question.


2 Comments

OK, I'll take a look. Some static class or a singleton is what I thought to be a solution...
@JiKra: in reference to your comment, if your application relies on integrated security then what do you store additional passwords for?
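
One way to keep the authenticated user in a shared static class, as the answer suggests, and hide controls by role. This is an added example, not code from the answer or the tutorial; `Session`, `RoleToVisibilityConverter` and the `"UsersTable"` label are hypothetical names. As the comment under the question points out, with a direct database connection this only hides UI and is not a security boundary.

```csharp
using System;
using System.Globalization;
using System.Security.Principal;
using System.Threading;
using System.Windows;
using System.Windows.Data;

// Hypothetical process-wide holder for the signed-in user.
public static class Session
{
    private static IPrincipal _current = Anonymous();

    public static IPrincipal Current { get { return Volatile.Read(ref _current); } }

    // Call only after the password check against the Users table has succeeded.
    // Keeps the name and role only, never the password or its hash.
    public static void SignIn(string userName, string role)
    {
        if (string.IsNullOrWhiteSpace(userName))
            throw new ArgumentException("User name is required.", "userName");
        if (string.IsNullOrWhiteSpace(role))
            throw new ArgumentException("Role is required.", "role");
        var identity = new GenericIdentity(userName, "UsersTable");
        Volatile.Write(ref _current, new GenericPrincipal(identity, new[] { role }));
    }

    public static void SignOut() { Volatile.Write(ref _current, Anonymous()); }

    // Empty name: IsAuthenticated is false and IsInRole never matches.
    private static IPrincipal Anonymous()
    {
        return new GenericPrincipal(new GenericIdentity(string.Empty), new string[0]);
    }
}

// XAML: Visibility="{Binding Converter={StaticResource RoleToVis}, ConverterParameter=Admin}"
public sealed class RoleToVisibilityConverter : IValueConverter
{
    public object Convert(object value, Type targetType, object parameter, CultureInfo culture)
    {
        var required = parameter as string;
        // Deny by default: a missing parameter or role mismatch collapses the control.
        bool allowed = required != null && Session.Current.IsInRole(required);
        return allowed ? Visibility.Visible : Visibility.Collapsed;
    }

    public object ConvertBack(object value, Type targetType, object parameter, CultureInfo culture)
    {
        throw new NotSupportedException();
    }
}
```

The converter is evaluated when a binding is created, so build role-dependent views after `SignIn` and recreate them after `SignOut`.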
