CSLA .NET

Authentication for WinRT devices joined to a domain

    Tim posted on Fri, Jun 13 2014 3:21 PM

    We will have tablets running Win 8.1 Pro that will be joined to the domain, and users will sign in to those devices with their network credentials; however, I don't anticipate them connecting to the network via VPN while on the road. Instead, I expect the app to hit our remote DP on the DMZ, which in turn would talk to our internal app server behind the firewall. So it is a 4-tier deployment. In this context, will I have access to their identity when sending requests to the remote DP?

    In other words, can I utilize ApplicationContext.User in the domain-joined WinRT world? Or should I expect to require the user to enter his credentials in the app itself and pass them (over https) with every call to the remote DP for authentication on the server? Thanks.

    Tim

    Verified Answer (verified by Tim)

    I don't know the answer for sure, but I am doubtful that the credentials will flow from the client to the server in your scenario.

    In fact, given a 4-tier model, I'm quite certain they won't, because NTFS only flows credentials over one hop.

    So you could almost certainly get them to flow from client to the initial web server by setting the data portal endpoint to require NTFS/Windows security, and setting the client's WCF proxy to pass the user's credentials. But the credentials won't flow past the web server because that was your one hop.

    Rocky
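    The first hop described in the answer above, shown as server-side configuration. This is an added example, not from the original posts or from the CSLA project: a web.config fragment for the DMZ data portal host that requires Windows credentials over HTTPS. The binding name is constructed, and the service and contract type names are assumed from CSLA 4.5's mobile WCF host, so check them against the CSLA version in use.

```xml
<!-- Added example: web.config fragment for the data portal host in the DMZ. -->
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <!-- "dpWindowsAuth" is a constructed name. -->
      <binding name="dpWindowsAuth">
        <!-- mode="Transport": the endpoint is reachable only over HTTPS.
             clientCredentialType="Windows": the caller must present
             integrated Windows credentials; anonymous calls are rejected. -->
        <security mode="Transport">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <services>
    <!-- Assumed type names (CSLA 4.5 mobile WCF host). -->
    <service name="Csla.Server.Hosts.Mobile.WcfPortal">
      <endpoint address=""
                binding="basicHttpBinding"
                bindingConfiguration="dpWindowsAuth"
                contract="Csla.Server.Hosts.Mobile.IWcfPortal" />
    </service>
  </services>
  <!-- This server can identify the caller on this hop. Per the answer
       above, a call it then makes to the internal app server does not
       carry that user's credentials: that would be the second hop. -->
</system.serviceModel>
```

    The hosting site must also have Windows Authentication enabled and Anonymous Authentication disabled in IIS for this binding to activate.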

    Tim replied on Fri, Jun 13 2014 5:31 PM

    Thanks, Rocky. I had forgotten about the multiple network hops in this circumstance. I think our network folks might have enabled Kerberos, but even then I don't know if our web server (in the DMZ) is a part of the corporate domain.

    Sounds like I might need to just plan on capturing the user's credentials within the app and passing them with each call. I assume I can do this using ApplicationContext.ClientContext.

    Tim


    Copyright (c) 2006-2014 Marimer LLC. All rights reserved.