Oh boy, I'm looking at introducing a Generic Authentication scheme rather than using Windows Authentication for code access security.
The application will be a mix of ASP.net and remotely deployed Winforms front ends. I am confused about what this will mean. 1) Will the Generic Prinicipal and Identity be carried from Client PC to Business Object tier automatically or will some manual work need to be done? 2) Does Normal Windows security Authentication get tossed asside? Ie. If the Winforms Client PC makes a call to the Business Object server (via Remoting), won't it still need to make sure that the NT user is valid with the domain and check to make sure that the NT user has permissions to call that object? 3) Are there any other limitations to what you can do? Cheers Matthew Hunter You can read messages from the DOTNET archive, unsubscribe from DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
