QuestionsCategory: General QuestionsLogin, authentication and authorization
Danny asked 7 months ago

Hi Tim
Thanks a lot for your great videos. I constantly use your good advice for my projects.
Perhaps you can advise, I’m working on a C# WPF project that needs Login, Authentication and authorization. Parts of the GUI will be blocked for low authorization levels.
The users database needs to be secure and reside on a local server inside a factory and not connected to the internet or external cloud.
I have Never done this before and have no clue how to start.
Are there any Microsoft ready technologies or commercial libraries that may be considered?
Any tips would be greatly appreciated.
Best regards
Danny
 

1 Answers
Tim Corey answered 7 months ago

Having never done any of this, trying to get it all right on the first try will be difficult. Here is what I recommend. First, break it down into parts. Then, try to build a demo that handles just that part. Make sure you understand how just that part works. After you do that with all of the areas where you aren’t sure what to do, then plan out your main application. Don’t try to use your demos in the real project. Just recreate what you did in the context of the main application. For example, authorization. That is one piece. Figure out what you want to do there. Then build a small app that just handles logging in. Have it give you a red light if the login fails and green if it succeeds. You get that right and you understand how to have a person log in. Next, you could work on hiding/showing UI based upon a user or role. Don’t worry about authorization. Make something up.Have a dropdown on the main page that has three users in it (or however many you want). If one gets selected, pretend that person has one set of permissions and hide or show the UI elements accordingly. Do the same with the next two. You don’t care about validating their login, you just hide or show based upon who is selected in the dropdown. Now, when you are ready to make your real app, you combine those two ideas into one new app that has a login system that then tells the UI who they are so you can hide or show things accordingly.
As for systems out there that will help, I am not sure there are. The problem is that you have a specific outcome you desire. Getting an external tool that will do that for you is rare.
As for locking down the database, watch my video on YouTube on Stored Procedures. That will show you how you can lock down the database quite securely.

Your Answer