We are developing an Intranet application (to run within an NT/2003 domain) with several sensitive applications. There are different options that we are looking at as far as authentication goes. Most likely, we are going to use LDAP to authenticate against Active Directory. By the way, if you have any information that could help us do that, please share.
My question is: Once the password is verified and the user is authenticated, can we place a "SecurityToken" object into the Session and use it from that point on? The SecurityToken will have basic methods such as getLogin, getGroups, getAccessCode, etc. It will be populated when the user authenticates, and all applications will use it to determine the view/access level, etc. Is this method secure? What is the common practice to handle this?