Scott,

My original idea was going to be that the .NET provider would 
establish its connection with a "generic" iSeries user and then 
switch to the query user using the handle.

Dangerous. Unless you take great care to disable all the connection
pooling that's on by default (if you even can, never thought to try) you
don't want to connect as one "generic" user and then switch to another
on the back end. There's one connection pool per unique connection
string. Since all your connections would have the same connection string
there'd be one pool. If you ever neglected to swap profiles you'd be
running as the last user id to use that connection. Ensuring security
would be a nightmare. 

Why not just have the app ask the user for their user id and then form
the connection string appropriately? Or are you trying to emulate the
integrated security concept from SQLServer?

Anyway, here is my initial thought: Use a _small_ iSeries web app to do
the authentication. Have it generate a security token (UUID perhaps) and
write that token, along with the authenticated user id into a table on
the iSeries (and perhaps the client IP). Then redirect to your web app
passing the UUID on the connection string. The .NET app then reads the
table on the iSeries and gets the userid for that UUID (and deletes the
row so it can't be reused). The .NET app then knows the user profile it
should adopt. 

Here's the problem with that approach. To swap to a user profile w/out
knowing the password you have to have *Use rights to the target profile.
Are you willing to give the generic login user *Use rights to all the
target profiles? If so, it should work.

-Walden


As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.