Hi,
I'm in the process of trying to define my security scheme using .NET remoting; however, I am having some difficulty with it.
My server will be hosted in IIS and I will be using SSL and SingleCall. Here is where I get confused, however: if I use IIS authentication (either Basic or Windows Integrated), then each user of my app will have to have a user account on the IIS server or an Active Directory account, correct?
What I am really looking for is to have the users/roles stored in my own database, and then on each method call I can check if the user is authenticated and then authorize them based on their role (if the user is not in the role, then throw an exception). All without using any Windows user accounts. But I DO NOT want to have to pass user info into each function!
I cannot find any info on this for the life of me... Has anyone done this or have any ideas for me?
If I must use Windows accounts or Active Directory, is it possible to sync the Windows accounts with the accounts in my database, or somehow link the Windows accounts to the roles stored in my database? Any suggestions on how to go about doing this?