Hi all, After looking through the code for two pairs implementing these interfaces in mscorlib using Reflector I think I start to understand... To me it still looks that this separation is a little bit artificial though. Like said there are two pairs: GenericPrincipal + GenericIdentity and WindowsPrincipal + WindowsIdentity. E.g. very tightly coupled classes... in fact I can't see any other reason why these are separated but to have less code per class. Another thing that doesn't make it any easier to understand is IPrincipal interface being as it is... one method IsInRole(string)! This is hardly ideal way for many applications to authorize a user! And in fact can see that WindowsPrincipal uses a lot of other ways...
Or maybe my confusion just comes from the fact that I haven't needed multiple different IIdentity classes... There I could see reason to use this: abstract UserIdentity : IIdentity class AdminIdentity : UserIdentity class AnonymousIdentity : UserIdentity class SalesPersonIdentity : UserIdentity class UserPrincipal : IPrincipal + ctor(UserIdentity identity) Maybe somebody's doing like above? Or do you have better examples where it's clear why these are separated? Ah, I just hate to see so central concepts that I don't clearly understand :) Sorry about being difficult... Cheers, Miika ps. Looking at http://blogs.msdn.com/ploeh/archive/2007/08/20/UserContext.aspx says "Should I create both a UserPrincipal and a UserIdentity class? In some cases, it makes sense, while in others, it doesn't"... At least this article confirms that it's ok to implement in same class if you don't see reason not to... On Dec 12, 2007 11:54 PM, Mark Brackett <[EMAIL PROTECTED]> wrote: > Authentication (IIdentity) vs. Authorization (IPrincipal). > > --MB > > > -----Original Message----- > > From: Discussion of advanced .NET topics. [mailto:ADVANCED- > > [EMAIL PROTECTED] On Behalf Of Miika Mäkinen > > Sent: Tuesday, December 11, 2007 10:30 PM > > To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM > > Subject: Re: [ADVANCED-DOTNET] IPrincipal and IIdentity > > > > Thanks Brandon... This text in MSDN is the reason why I was asking... > > to me > > very cryptic explanations! > > > > On Dec 11, 2007 10:34 PM, Brandon Willoughby <[EMAIL PROTECTED]> > > wrote: > > > > > Taken from the MSDN: > > > > > > IIdentity: > > > > > > An identity object represents the user on whose behalf the code is > > > running. > > > > > > IPrinciple: > > > > > > A principal object represents the security context of the user on > > whose > > > behalf the code is running, including that user's identity > > (IIdentity) > > > and any roles to which they belong. > > > > > > > > > http://msdn2.microsoft.com/en- > > us/library/system.security.principal.iidentity(VS.80).aspx<http://msdn2 > > .microsoft.com/en- > > us/library/system.security.principal.iidentity%28VS.80%29.aspx> > > > > > > http://msdn2.microsoft.com/en- > > us/library/system.security.principal.iprincipal.aspx > > > > > > Brandon W > > > > > > Miika Mäkinen wrote: > > > > Hi all, > > > > I'm having hard time understanding what is the purpose of > > IPrincipal and > > > > IIdentity. Why are these 2 separate interfaces? To me it just > > > complicates > > > > matters... Does anybody know of a good article explaining... > > > > > > > > > > > > Cheers, > > > > Miika > > > > > > > > =================================== > > > > This list is hosted by DevelopMentor(R) http://www.develop.com > > > > > > > > View archives and manage your subscription(s) at > > > http://discuss.develop.com > > > > > > =================================== > > > This list is hosted by DevelopMentor(R) http://www.develop.com > > > > > > View archives and manage your subscription(s) at > > > http://discuss.develop.com > > > > > > > =================================== > > This list is hosted by DevelopMentor(R) http://www.develop.com > > > > View archives and manage your subscription(s) at > > http://discuss.develop.com > > =================================== > This list is hosted by DevelopMentor(R) http://www.develop.com > > View archives and manage your subscription(s) at > http://discuss.develop.com > =================================== This list is hosted by DevelopMentor® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com
