.net security in n-tier

Question

3.00/5 (2 votes)

See more:

Sorry. I'm new to this. I'll rephrase this.
I'm doing an n-tier project with the possibility of multiple types of UI/clients (web, desktop, services). I'm looking for the best way on how to implement authentication in business layer.

Posted 29-May-11 20:31pm

Jovi_A

Updated 30-May-11 17:32pm

v3

Add a Solution

Comments

Sergey Alexandrovich Kryukov 30-May-11 2:57am

Not a question.
--SA

OriginalGriff 30-May-11 5:35am

It's got a question mark at the end! It must be a question! :laugh:

Sergey Alexandrovich Kryukov 30-May-11 15:10pm

It wasn't, at the moment of writing my comment.
Even now it looks more like a task, not a question. Who is going to solve it? :-)
--SA

Monjurul Habib 30-May-11 18:37pm

doesn't make any sense. clarify your question.

King.Duan 31-May-11 5:32am

the answer is Null

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Stanciu Vlad · Answer 1 · 2011-05-30T08:23:00

Authentication most of the times resumes to a user and a password. Most of the times this is done in the UI Layer, meaning that you can not use the application unless you are authenticated. If this is your case then you could send to the business layer you UI layer authentication token (ore something that let's it know the user is loged in. Not let's consider the oposite of this assumtion, ie. you want to check the user at the business layer, then just add a user and a password at the business layer interface methods (or attributes that require user and password, and adequately checks for them).
And, as an observation, communication between the UI layer and the business layer should be secure (insinde the same process, or if it is a web service then via https.