Dynamic Mode Security - Add user authorization to function calls


Basically once a service key is validated the client application has free reign against the membership functions. This is fine for a web application in most cases because it's running on a trusted host. However, in a windows forms situation, your key is being sent directly to a user so their application can talk to your membership service. I think there should be an optional way to lock down the membership functions for untrusted applications. I've been thinking about a way to maybe lock it down by authorized groups. That way say minimal users would only be able to login and obtain their groups, maybe reset a password. More privileged users could do more.
Closed Mar 31, 2008 at 6:33 PM by nlb6665
in 2.0 beta