Know Your Authorization Options

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Know your authorization options and choose the most appropriate one for your scenario. First decide whether you want to use resource-based or role-based authorization. Resource-based authorization uses ACLs on the resource to authorize the original caller. Role-based authorization lets you authorize access to service operations or resources based on the group a user is in.
  • If you choose role-based authorization, you can store your roles in Windows groups or in ASP.NET roles.
  • If you are using Active Directory, consider using Windows groups, both for ease of maintenance and because you then maintain roles and credentials together in the Active Directory store. If you are not using Active Directory, consider using ASP.NET roles and the ASP.NET Role Provider.

Your authorization strategy may also be influenced by your choice of authentication:
  • Resource-based authorization
    • If you are using certificate authentication, you will need to map certificates to Windows groups.
    • If you are using username authentication, you will need to perform protocol transition.
    • Windows authentication will work with resource-based authorization by default.
    • Basic authentication will work with resource-based authorization by default.
    • Note: You need to impersonate the original caller for resource-based authorization.
  • Role-based authorization
    • If you are using certificate authentication, you will need to map certificates to Windows groups.
    • If you are using username authentication with Windows groups, you will need to perform protocol transition.
    • Username authentication will work with ASP.NET roles by default.
    • Windows authentication will work with Windows groups by default.
    • Basic authentication will work with Windows groups by default.
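
The two options side by side, as an added example that is not part of the original guidance. It assumes a self-hosted WCF service using Windows authentication; the service name, the `CONTOSO\ReportReaders` group, the `C:\Reports` folder and the endpoint address are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.Permissions;
using System.ServiceModel;
using System.ServiceModel.Description;

[ServiceContract]
public interface IReportService
{
    [OperationContract] string GetSummary();
    [OperationContract] string ReadReport(string name);
}

public class ReportService : IReportService
{
    // Role-based: the demand is evaluated on entry to the method and checks
    // the caller's Windows group membership. The group name is hypothetical.
    [PrincipalPermission(SecurityAction.Demand, Role = @"CONTOSO\ReportReaders")]
    public string GetSummary()
    {
        return "Quarterly summary";
    }

    // Resource-based: the operation runs under the original caller's
    // Windows identity, so the ACL on the file makes the access decision.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string ReadReport(string name)
    {
        // Keep only the file name so the request stays inside the folder.
        string path = Path.Combine(@"C:\Reports", Path.GetFileName(name));
        // Throws UnauthorizedAccessException if the ACL denies the caller.
        return File.ReadAllText(path);
    }
}

public static class Program
{
    public static void Main()
    {
        var host = new ServiceHost(typeof(ReportService), new Uri("net.tcp://localhost:9000/reports"));
        // NetTcpBinding authenticates callers with Windows credentials by default.
        host.AddServiceEndpoint(typeof(IReportService), new NetTcpBinding(), "");
        // Resolve roles from Windows groups; UseAspNetRoles would consult a role provider instead.
        host.Authorization.PrincipalPermissionMode = PrincipalPermissionMode.UseWindowsGroups;
        host.Open();
        Console.WriteLine("Listening. Press Enter to stop.");
        Console.ReadLine();
        host.Close();
    }
}
```

For `ReadReport` to reach the file as the caller, the client must allow impersonation, for example by setting `ClientCredentials.Windows.AllowedImpersonationLevel` to `TokenImpersonationLevel.Impersonation`.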

Last edited Jun 12, 2008 at 8:36 PM by prashantbansode, version 1
