
Role provider and username format

description

I have a question regarding this topic.

I'm actually using NetSqlAzMan with forms auth with Kerberos protocol transition. I have a multi-tenant app (each tenant has a specific UPN suffix). When the role provider is asked for user roles (GetRolesForUser), in this method there is a line:

wid = new WindowsIdentity(this.getUpn(this.getFQUN(username))); //Kerberos Protocol Transition: Works in W2K3 native domain only

Since I'm using forms auth and multi-tenancy, in my username I already have username@tenant, not just username or USERDOMAIN\username. Moreover, the username part in the UPN has nothing to do with the sAMAccountName, which is a part of the USERDOMAIN\sAMAccountName format. In my app the sAMAccountName consists of random characters (the membership provider ensures that), so conversion of sAMAccountName to UPN without broader knowledge of my domain is pointless. Logging in with a UPN in forms auth makes much more sense, since I could have john@tenant1 and john@tenant2 and everyone is happy :) With sAMAccountName it is impossible without a forest... When I create a user I can say what UPN suffix it should have, so I don't need forests...

Of course I recompiled the provider class and added a simple check: if the username is already in UPN format, then I'm simply using the username without any conversions in the WindowsIdentity S4U2S Kerberos constructor.

So what do you think of it? Can you include that kind of change in NetSqlAzMan? I think this feature makes sense and adds value to the project.
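
The check described in the post, sketched as an added example (not the poster's recompiled code and not NetSqlAzMan's own): a name already in UPN form with a known tenant suffix goes to the WindowsIdentity constructor unchanged, and any other name goes through the existing conversion. The class name, the tenant suffix list and the legacyToUpn delegate are assumptions made for this illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Added illustration; class, method and suffix names are hypothetical.
public static class UpnAwareIdentity
{
    // Assumption: the UPN suffixes provisioned for tenants are known to the app.
    private static readonly HashSet<string> TenantSuffixes =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "tenant1", "tenant2" };

    // True only for "local@suffix" with exactly one '@', no '\' (the
    // USERDOMAIN\name form) and a suffix that belongs to a known tenant.
    public static bool IsTenantUpn(string username)
    {
        if (string.IsNullOrWhiteSpace(username) || username.Contains("\\"))
            return false;
        int at = username.IndexOf('@');
        if (at <= 0 || at != username.LastIndexOf('@') || at == username.Length - 1)
            return false;
        return TenantSuffixes.Contains(username.Substring(at + 1));
    }

    // legacyToUpn stands in for the provider's existing name-to-UPN conversion.
    public static string ResolveUpn(string username, Func<string, string> legacyToUpn)
    {
        if (IsTenantUpn(username))
            return username; // already a UPN: use it without any conversion
        // A name containing '@' that is not a known tenant UPN is refused
        // instead of being handed to the logon call or the legacy conversion.
        if (username != null && username.Contains("@"))
            throw new ArgumentException("Unrecognized UPN suffix.", "username");
        return legacyToUpn(username);
    }

    // Kerberos protocol transition (S4U) logon; requires a domain-joined host.
    public static WindowsIdentity CreateIdentity(string username, Func<string, string> legacyToUpn)
    {
        return new WindowsIdentity(ResolveUpn(username, legacyToUpn));
    }
}
```

Checking the suffix against the tenant list keeps a forms-auth login field from steering the S4U logon toward an arbitrary realm.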
