SilverlightShow: WCF RIA Services Part 7 - Authentication and Authorization Comments http://www.silverlightshow.net/ estoychev@completit.com (Emil Stoychev) Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Hi,</p> <p>I solved the '404 on the login.aspx' problem by changing the connection credentials in the Application Settings. The Web Application was set to use "Application user (pass-through authentication)" [see "Connect As" in the Edit Application dialog]. Once this was changed to a "Specific user", all was well.</p> <p>Hope that helps anyone with the same problem.</p> <p>Matt</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment8063 MattHousley http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Tue, 15 May 2012 15:28:34 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Thanks, great article!</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment8041 NikitaSherman http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 10 May 2012 23:11:14 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Are you positive there is not a web.config in the root site directory with deny anonymous or even at the machine config level? 
That is the only thing I am aware of that would cause what you are describing if anonymous is allowed through IIS.</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment8023 brian.noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 03 May 2012 20:41:31 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Hi Brian,<br /> Thanks for your reply.<br /> No at this point, the web.config file is exactly as it is in your TaskManagerPart7 project.<br /> <br /> I'm assuming that this is how to allow anonymous users to get to the hosting page and the XAP.</p> <p>I've added the following to the web.config file, but I still get the same result:</p>
<pre><code>    <authorization>
        <allow users="?"/>
    </authorization>
</system.web>

<location path="TaskManagerTestPage.aspx"><system.web><authorization><allow users="?"/></authorization></system.web></location>
<location path="TaskManagerTestPage.html"><system.web><authorization><allow users="?"/></authorization></system.web></location>
<location path="Silverlight.js"><system.web><authorization><allow users="?"/></authorization></system.web></location>
<location path="ClientBin/TaskManager.xap"><system.web><authorization><allow users="?"/></authorization></system.web></location>
</code></pre>
<p>In IIS, the Authentication for the Web App, has Anonymous Authentication enabled as well as Forms Authentication, with HTTP 302 Login/Redirect enabled. ASP.Net Impersonation is Disabled. That's all that appears in the Authentication list.<br /> <br /> Regarding the IIS Installation it's on Windows 7 Ultimate, with Request Filtering and URL Authorization enabled under Security for IIS in "Turn Windows features on or off".<br /> <br /> I've started a <a href="http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/a31acfee-28ca-4daa-8445-bf6691a1459a" title="thread on MSDN" target="_blank">thread on MSDN</a>, but I haven't found a solution there either.</p> <p>Any further help would be greatly appreciated.</p> <p>Thanks again.<br /> <br /> Matt</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment8021 MattHousley http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 03 May 2012 16:39:10 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Presumably your root web.config has an authorization element with deny users="?". 
ASP.NET auto redirects in that case and by convention expects you to have a Login.aspx page, which this solution does not because it was not intended to show creating the secure session through a login page (which does work fine with RIA Services by the way).</p> <p>You can create one easy enough by creating a page with that name and dragging and dropping a login control onto it and you are done.</p> <p>But the real answer is - if you want clients to log in through the Silverlight app, don't restrict anonymous users from getting to the hosting page or the ClientBin directory.</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment8019 brian.noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 03 May 2012 14:37:53 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Hi Brian,<br /> Great set of articles, thank you.<br /> <br /> When I run the example project under Visual Studio it works great, but when I deploy to IIS 7, I just get a 404 for login.aspx.<br /> <br /> How can I configure IIS to stop this from happening?</p> <p>Thanks again</p> <p>Matt</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment8012 MattHousley http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Wed, 02 May 2012 16:43:03 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Thanks Brian.</p> <p>That puts it in perspective.</p> <p>Clive</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment7913 Mivoat http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Tue, 17 Apr 2012 15:22:23 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>I only didn't use HTTPS in the sample because that requires running from IIS, setting up your 
certificate, etc. - stuff that is outside the scope of the article. There are plenty of tutorials for setting that up. This is completely appropriate for outside the firewall and I would always deploy with HTTPS for the authentication if not the whole site, depending on the nature of the data going back and forth.</p> <p>If you are building and deploying distributed Silverlight browser apps you are a web developer. You don't have to be an IIS expert as a web developer, but you do at least have to learn how to set up applications/virtual directories in IIS and configure an SSL cert if you want to be successful deploying for real world scenarios.</p> <p><br /> </p> <p><br /> </p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment7912 brian.noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Tue, 17 Apr 2012 14:16:53 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Brian</p> <p>Yes that does help.  </p> <p>But your (very useful) TaskManager example doesn't use https to login and so I'm wondering if its pattern is only appropriate for use inside firewalls - not really for the public internet?</p> <p>I've looked for help on using https and there are warnings that it's difficult and involves having to use IIS for testing. 
</p> <p>I think I may be somewhat typical - having come from the world of the MSSQL stack, with VB Forms, (and avoided what I regard as fundamentally 70s mainframe architecture - screen refreshes coming from a big cpu at the end of a wire), and now want to take advantage of this great new architecture (appropriate processing at both ends with easy data interchange).</p> <p>Bottom line - I was hoping to avoid having to become an expert in IIS and net protocols, and use a recommended pattern so I could stick mostly to data modelling etc.</p> <p>If https is recommended for the login process on a public site can you recommend a simple example to download? Or do most public sites just heavily encrypt username and password over http during login, and then keep regular backups and hope for the best?</p> <p>Many thanks for your help, Clive</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment7911 Mivoat http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Tue, 17 Apr 2012 13:59:44 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Clive,</p> <p>This does presume that you are using SSL (HTTPS) for the authentication call that passes the credentials at a minimum. At that point it is no more or less secure than every web site you log into out there. Once the authentication has happened, it uses the same session cookie based approach for maintaining the secure session that ASP.NET does, which has protections for trying to use that cookie from another machine and has timeouts to avoid having it used again from the same machine at some later time by another user. 
</p> <p>So it is "secure enough" - good enough for many banking, medical, and other domains.</p> <p>Hope that helps.</p> <p>Brian</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment7848 brian.noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Mon, 16 Apr 2012 20:43:50 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Very useful article Brian - thank you.</p> <p>I'm new to web security, so please forgive me:</p> <p>Even if I encrypt the password at the client side before submitting it with </p> <p>WebContext.Current.Authentication.Login </p> <p>- couldn't that be picked up by someone watching the net traffic, and then impersonated? I'm worried they could then get a list of all the web services and then play all sorts of havoc?</p> <p>- Or does the above Login routine do its own encryption, that varies each time somehow?</p> <p>My app is not hyper-sensitive with financial transactions, etc but I'm just wondering what is considered a sensible security arrangement for most LOB apps?</p> <p>Is it considered generally secure enough as long as encryption keys are changed from time to time? Do most hackers watch net traffic, or do they just try lots of password combinations with intelligent guesses?</p> <p>BTW My app config is nothing special, just a plain vanilla SL4 business app, deployed to Azure and using SQL Azure.</p> <p>Many thanks, Clive</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment7845 Mivoat http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Mon, 16 Apr 2012 17:33:01 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>You need to have the Silverlight Toolkit installed. 
Sorry, should have stuck to core Silverlight controls to make the demo more portable.</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment7827 brian.noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Tue, 10 Apr 2012 18:01:28 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Hi Brian,</p> <p>I've downloaded the sample part 7, but I can't run it and see how it works, I'm getting an error that time picker could not be found, do you have any idea???</p> <p>Thanks,</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment7822 anabifar http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Mon, 09 Apr 2012 21:19:43 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Hey Brian,</p> <p>I liked the article and learned something. One thing that would be really useful is to show how to mix WCF Authorization, Authentication with Prism. Perhaps in its own module. I bought this book and would buy the one I'm speaking about.</p> <p>Tim</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment7723 TKelley http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Sun, 25 Mar 2012 18:10:36 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>cmeyerPng, you will have to try again. The zip is fine, just downloaded it to one of my machines to make sure.</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment7584 brian.noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Fri, 24 Feb 2012 21:47:17 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Could you please upload the sample code again? 
Unfortunately the zip file is empty.</p> <p>Thanks!!!</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment7570 cmeyerPng http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 23 Feb 2012 05:50:26 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Could you please upload the sample code again? Unfortunately the zip file is empty.</p> <p>Thanks!!!</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment7569 cmeyerPng http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 23 Feb 2012 02:25:23 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Singlepoint, I'm not sure why you are getting that error. That error is the standard one you get if you try to access a private, protected, or internal member outside of the scope where it is accessible. However, when the WebContext class gets generated on the client side, it should redeclare the User property as public as you are alluding to. In which case you should not get this error.</p> <p>First I would confirm that I have added the AuthenticationDomainService with proper definition on the server side as outlined above. Then I would double check that the WebContext class in the generated code has a redefined User property that wraps and exposes the base class one and that the property is public. 
Also double check that the visibility of the AuthUser class is public.</p> <p>If all those are in place, I can't think why it would give you that error.</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment7508 brian.noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Mon, 13 Feb 2012 17:14:20 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Brian one more thing, if I do WebContext.Current.Authentication.User then I get the user but I can't find the isAuthenticated property.</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment7506 singlepoint http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Mon, 13 Feb 2012 08:10:13 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Hi Brian, </p> <p>Thanks for replying. This is the expression I am using</p> <p>WebContext.Current.User</p> <p>ain't this user supposed to be our AuthUser? But it's not accessible. 
</p> <p>Thanks</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment7505 singlepoint http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Mon, 13 Feb 2012 08:08:49 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Hi singlepoint,</p> <p>Are you using WebContext.Current.Authentication.User to get to it or are you trying to use the property directly on the WebContext instance?</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment7504 brian.noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Mon, 13 Feb 2012 01:11:23 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Hi Brian</p> <p>I was following this post lately, once my domain context got created on the client side, it started giving me an error which says</p> <p>WebContextBase.User inaccessible due to its protection level. Can you please give me some hint what I am doing wrong here. I am new to .Net. 
Please bear with me if it's a nonsense question.</p> <p><br /> </p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment7503 singlepoint http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Sun, 12 Feb 2012 21:09:25 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Excellent.</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment7290 Eran http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Wed, 07 Dec 2011 02:33:05 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Benoit73,</p> <p>Anytime you see that <file> error message, tell yourself "I should not have blindly clicked OK in that dialog that warned me that a Silverlight client using RIA Services would not run correctly in the debugger unless the hosting web project is the startup project." :)</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment6661 brian.noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Mon, 17 Oct 2011 06:03:30 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>The login doesn't work for me. 
When I do a try/catch like this one:</p> <span style="color: #008000; font-family: consolas; font-size: 13px;"> <p>try{</p> <p>loginOp = WebContext.Current.Authentication.Login(UsernameTextBox.Text, PasswordTextBox.Text);</p> <p>}catch(Exception eee){</p> <p>MessageBox.Show(eee.Message);</p> <p>}</p> <p> </p> <p>I get a message like this one:</p> <p> </p> </span> <p>The URI model <<file>> is not valid; the model <<http>> was expected.</p> <p>Parameter name: via</p> <p> </p> <p>Any clue why?</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment6660 Benoit73 http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Mon, 17 Oct 2011 05:49:12 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization excellent jobs. http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment6573 jiang212003 http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Tue, 27 Sep 2011 10:32:44 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>With either Prism or MEF, you could conditionally load different XAP files based on role after initially loading a root app assembly to establish the security context. I wouldn't generally recommend that as it will be complicated to manage and maintain.</p> <p>I don't think you can state in general that doing authentication or authorization on the client side is not a good idea, it depends on the app, the context, the users, the deployment scenarios, etc. 
Certainly for OOB apps you have no choice.</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment6527 brian.noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 15 Sep 2011 18:02:24 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization just a crazy thought, should the host service return role base xap file base on the user permission? then again, it's too much work. it's easier with html. doing authorization on client side is not really a good idea with sl. http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment6524 koo9 http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Tue, 13 Sep 2011 23:14:01 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p style="margin-bottom: 0pt;"><span style="font-family: arial unicode ms;">Hi,</span></p> <p><span style="font-family: times new roman; font-size: 12pt;">Thank you for this well written article. I was able to create my own custom membership provider as well as role provider following your article and they work well. I tried to create a custom ProfileProvider in the hope that I could add some custom properties to the user such as company, so that I could retrieve this information in my RIA service. To my disappointment, I cannot see my custom properties on the server side (in the RIA Service method). Is there anything, I am missing? Or is there any other way to achieve this? </span></p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment6427 sonny_lp http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 11 Aug 2011 00:27:19 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Koen,</p> <p>You have a couple of paths you could take there. 
One is to write custom membership and profile providers to point to your own tables. Depending on the schema of those tables, this is straightforward and makes the providers reusable outside of RIA Services (web apps and normal WCF services can use them too). </p> <p>The other path is to override the ValidateUser and GetAuthenticatedUser methods and do your own data access to look up the username/password and to create the instance of the user object.</p> <p>Hope that helps.</p> <p>Brian</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment6388 brian.noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Sun, 31 Jul 2011 19:01:19 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Hi Brian,</p> <p>Thanks for your response.<br /> I watched your webinar ... nice stuff.</p> <p>In the demo solution you use the silverlight app to supply the FavoriteColor property of the User object and save the user in the asp.net database.</p> <p>My goal is to add additional fields (name, first name, ...) from my own database from within the service project. <br /> Is that possible ? And how would you do that ?</p> <p>Grtz, Koen.</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment6387 KoenJordens http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Sun, 31 Jul 2011 15:58:14 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Hi Koen</p> <p>Depends on what "missing parts" you are referring to? Do you mean adding personalization properties? 
If so, see my webinar here on Silverlight show on securing and personalizing Silverlight apps.</p> <p>If not, let me know what you had in mind.</p> <p>Thanks</p> <p>Brian</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment6385 brian.noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Sat, 30 Jul 2011 02:44:58 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Hi Brian,<br /> First of all: Great article !!</p> <p>Just one question, how can I fill in the missing parts on the AuthUser class ?</p> <p>grtz, Koen.</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment6375 KoenJordens http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Mon, 25 Jul 2011 15:33:13 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Hi Brian,</p> <p>I solved it. It was a typing error in the DomainContextType string.</p> <p>For other people who want to place the authentication service in a RIA services class library check this post: <a target="_blank" href="http://forums.silverlight.net/forums/t/112195.aspx#260056">Silverlight forum</a></p> <p>Greetings,<br /> Teun<br /> <br /> </p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment6274 hbteun http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 09 Jun 2011 16:59:40 GMT Re: WCF RIA Services Part 7 - Authentication and Authorization <p>Hi Brian,</p> <p>do you know a good example of an (preferably a custom) AuthenticationService inside a RIA services class library for SL4? </p> <p>As I understand it, the WebContext is not created and you have to create it yourself. 
But I get an exception when using it: The DomainContextType is null or invalid and there are no contexts generated from AuthenticationBase<T>. </p> <p>Greetings,<br /> Teun</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment6271 hbteun http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 09 Jun 2011 14:53:34 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization You can tie it in with the ASP.NET Profiles functionality if you set up a profile for the authenticated user. See this article: <a href="http://msdn.microsoft.com/en-us/library/ee707350(v=vs.91).aspx">http://msdn.microsoft.com/en-us/library/ee707350(v=vs.91).aspx</a> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment6084 Brian Noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Sun, 08 May 2011 00:52:01 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>In your post you said that we can put what ever other information we want to AuthUser. But how are we going to update this information? Using your approach and with my limited knowledge I don't see how this can be done.</p> <p>For example if in AuthUser I have a property PhoneNumber how am I going to fill it using your approach?</p> <p>Thank you.</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment6068 George P. http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 05 May 2011 11:34:26 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>Hi Brian,</p> <p>I created a sample of custom membership provider for a business application but I don't know what my problem is; I got the error below when I want to register a new user:</p> <p>(</p> <p>Invoke operation 'CreateUser' failed. 
The HTTP request to 'https://localhost:52878/ClientBin/SLCustomMembershipProvider-Web-UserRegistrationService.svc/binary/CreateUser' has exceeded the allotted timeout. The time allotted to this operation may have been a portion of a longer timeout.</p> <p></p> <p>)</p> <p>and you can get my project <a href="http://cid-8b3b5259a5661cf0.office.live.com/self.aspx/.Documents/Codes/SLCustomMembershipProvider.rar">here</a>.</p> <p>Please help me to find my problems.</p> <p>Thanks a lot</p> <p></p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment5569 Mahdi http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Wed, 23 Feb 2011 20:35:04 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization When you set up an Authentication Domain Service, it is queryable directly like any other domain service. It exposes a collection of your user type (AuthUser in my sample), which is an IPrincipal (meaning it has an IsInRole method on it). So you can do a Load operation for the GetUserQuery method on that domain context to get it to reload the user and its roles from the server side. http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment5460 Brian Noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Wed, 09 Feb 2011 16:06:01 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization In my scenario the user can request to join another role from the client. How could I update the roles of the user when the access to the role was granted? Is there a way without doing a logout/login? 
http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment5459 bitdisaster http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Wed, 09 Feb 2011 02:40:29 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>...and here is the event-handler for the Login-function:</p>
<pre><code>' Completed handler for the LoginOperation started in OKButton_Click.
Private Sub loginIsCompleted(ByVal sender As Object, ByVal e As EventArgs)
    Dim op As LoginOperation = CType(sender, LoginOperation)
    If op.HasError Then
        ' The call itself failed (for example a server-side exception).
        ErrorWindow.CreateNew(op.Error)
        op.MarkErrorAsHandled()
        Return
    ElseIf Not op.LoginSuccess Then
        ' The call completed, but the credentials were rejected.
        ErrorWindow.CreateNew("Login failed...")
        Return
    Else
        MessageBox.Show("Success!")
        Return
    End If
End Sub</code></pre>
http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4906 Marius H Enerud http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 18 Nov 2010 16:10:38 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>Oops! Seems that I refreshed the page so that my text was posted several times... sorry!</p> <p>Thanks for your explanation, but unfortunately it didn't help me: I still receive the same exception when I try to call the Login-function. </p> <p>Here is the exception that is raised when I try to call the Login-function in the Authentication class:</p> <p><em>Load operation failed for query Login. Could not load type<br /> 'RlAinterview.web.CustomMembershipProvider' from assembly<br /> 'RlAinterview.web'. (C:\Users\marius\Documents\Visual Studio<br /> 20 1O\Projects\RlAinterview\RlAinterview.web\web.config line 24)<br /> Inner exception message: Could not load type<br /> 'RlAinterview.web.CustomtMlembershipProvider' from assembly<br /> 'RlAinterview.Web'.</em></p> <p><em>   at System.Web.Security.Membership.Initialize()<br />    at System.Web.Security.Membership.get_Provider()<br />    at System.Web.Security.Membership.ValidateUser(String username, String password)<br />    at System.ServiceModel.DomainServices.Server.ApplicationServices.AuthenticationBase`1.ValidateUser(String userName, String password)<br />    at System.ServiceModel.DomainServices.Server.ApplicationServices.AuthenticationBase`1.Login(String userName, String password, Boolean isPersistent, String customData)<br />    at Login(DomainService , Object[] )<br />    at System.ServiceModel.DomainServices.Server.ReflectionDomainServiceDescriptionProvider.ReflectionDomainOperationEntry.Invoke(DomainService domainService, Object[] parameters)<br />    at System.ServiceModel.DomainServices.Server.DomainOperationEntry.Invoke(DomainService domainService, Object[] parameters, Int32& totalCount)<br />    at System.ServiceModel.DomainServices.Server.DomainService.Query(QueryDescription queryDescription, IEnumerable`1& validationErrors, Int32& totalCount)<br />    at System.ServiceModel.DomainServices.Hosting.QueryProcessor.Process[TEntity](DomainService domainService, DomainOperationEntry queryOperation, Object[] parameters, ServiceQuery serviceQuery, IEnumerable`1& validationErrors, Int32& totalCount)<br />    at System.ServiceModel.DomainServices.Hosting.QueryOperationBehavior`1.QueryOperationInvoker.InvokeCore(Object instance, Object[] inputs, Object[]& outputs)</em></p> <p>..and here is the code for the login-button that triggers the exception:</p>
<pre><code>' Starts the asynchronous login and subscribes to its Completed event.
Private Sub OKButton_Click(ByVal sender As Object, ByVal e As RoutedEventArgs) Handles OKButton.Click
    Dim loginOp As LoginOperation = WebContext.Current.Authentication.Login(TextBox1.Text, TextBox2.Text)
    AddHandler loginOp.Completed, AddressOf loginIsCompleted
End Sub</code></pre>
http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4905 Marius H Enerud http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 18 Nov 2010 16:06:54 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization The only thing particular to VB is that they hide your root namespace from you more so than C#. You have to know what your fully qualified type name is. I can't tell that without seeing your project code, but again, unless you have customized your namespaces, it is the project name that you added the class to. So if you added it to your web project and its name is MySLHost.Web, then your type name is MySLHost.Web.CustomMembershipProvider and the type attribute on your membership add element would be MySLHost.Web.CustomMembershipProvider,MySLHost.Web. http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4904 Brian Noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 18 Nov 2010 15:36:29 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>Thanks for your quick answer, Brian. But I'm still a bit confused about how to resolve the issue..</p> <p>If I would create my own MembershipProvider-class (based on the techniques in your text) and I would call it "CustomMembershipProvider", how do I reference it in the web.config file to avoid the exception? 
Are there any other elements that I need to configure to get it working?</p> <p>I forgot to mention that I'm writing this Solution in VB.</p> <p> </p> <p>thanks again,</p> <p>Marius</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4903 Marius H Enerud http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 18 Nov 2010 15:12:19 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization Hi Marius, The type property in the membership element just needs to take on the form "fully-qualified-type-name,assemblyname". So whatever your custom provider name is with its full namespace (i.e. web project name by default if you put it there, or class library project name by default if you put it there). If you put it in a class library, you will naturally also need a reference to that library to get it pulled into the \bin directory of the web app, even though there is no code in your web app that is using it, once you add it to your config the framework is going to use it in the web app. You of course could use the built in SqlMembershipProvider as well. http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4898 Brian Noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 18 Nov 2010 13:17:27 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>Thanks for your quick answer, Brian. But I'm still a bit confused about how to resolve the issue..</p> <p>If I would create my own MembershipProvider-class (based on the techniques in your text) and I would call it "CustomMembershipProvider", how do I reference it in the web.config file to avoid the exception? 
Are there any other elements that I need to configure to get it working?</p> <p>I forgot to mention that I'm writing this Solution in VB.</p> <p> </p> <p>thanks again,</p> <p>Marius</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4893 Marius H Enerud http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 18 Nov 2010 12:06:04 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>Looks like you modified the membership element and broke it. The one in the download code reads:</p> <p><membership defaultProvider="myCustomProvider"><br />       <providers><br />         <add name="myCustomProvider" type="TaskManager.Web.CustomMembershipProvider,TaskManager.Web"/><br />       </providers><br />     </membership></p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4887 Brian Noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 18 Nov 2010 00:23:57 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>Hi!</p> <p>Thanks for this nice tutorial! I'm pretty new into Silverlight and I seem to have a problem that I struggle to solve:</p> <p>I followed your tutorial step-by-step, but when I execute the application and push the OK-button (to run the login) I get an exception:</p> <p>Load operation failed for query 'Login'. Could not load type 'Web.CustomerMembershipProvider'. 
</p> <p>The exception fires here in the web.config file:</p> <span style="color: #0000ff;"> <div class="reCodeBlock" style="border:1px solid #7f9db9;overflow-y: auto;"> <div style="background-color: #ffffff;"><span style="margin-left: 0px !important;"><code style="color: #000000;"><</code><code style="color: #006699; font-weight: bold;">membership</code> <code style="color: #808080;">defaultProvider</code><code style="color: #000000;">=</code><code style="color: blue;">"myCustomProvider"</code><code style="color: #000000;">></code></span></div> <div style="background-color: #f8f8f8;"><span style="font-family: 'times new roman';"><code>    </code><span style="margin-left: 12px !important;"><code style="color: #000000;"><</code><code style="color: #006699; font-weight: bold;">providers</code><code style="color: #000000;">></code></span></span></div> <div style="background-color: #ffffff;"><span style="font-family: 'times new roman';"><code>        </code><span style="margin-left: 24px !important;"><code style="color: #000000;"><</code><code style="color: #006699; font-weight: bold;">add</code> <code style="color: #808080;">name</code><code style="color: #000000;">=</code><code style="color: blue;">"myCustomProvider"</code> <code style="color: #808080;">type</code><code style="color: #000000;">=</code><code style="color: blue;">"Web.CustomMembershipProvider"</code><code style="color: #000000;">/></code></span></span></div> <div style="background-color: #f8f8f8;"><span style="font-family: 'times new roman';"><code>    </code><span style="margin-left: 12px !important;"><code style="color: #000000;"></</code><code style="color: #006699; font-weight: bold;">providers</code><code style="color: #000000;">></code></span></span></div> <div style="background-color: #ffffff;"><span style="margin-left: 0px !important;"><code style="color: #000000;"></</code><code style="color: #006699; font-weight: bold;">membership</code><code style="color: #000000;">></code></span></div> 
</div> </span> <p><span style="font-family: consolas; font-size: 13px;"></span>I thought maybe that I should have a Namespace.ClassName naming convention, but I tried all kinds of namespaces without success...</p> <p>Do you know what could be the answer to my problem?</p> <p>Thanks, </p> <p>Marius</p> <p> </p> <p> </p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4886 Marius H Enerud http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 18 Nov 2010 00:05:02 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization How's the rest of the topics coming along?  I'm eagerly waiting for "Structuring WCF RIA Services Applications". http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4842 KK http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Wed, 10 Nov 2010 07:51:20 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>Ted, </p> <p>You have two choices - one is a custom authentication domain service and override ValidateUser to do your own look up wherever you like. The other that I favor is writing custom membership and role providers that do those look ups because then those can be integrated with non-RIA WCF services, ASP.NET, Client Application Services, or anywhere else membership and role providers are used. There are tons of examples of writing custom membership and role providers out there. </p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4775 Brian Noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 28 Oct 2010 15:34:53 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>Thanks Brian, this is nice and useful as far as it goes.  
However, while you deal with making the "Authentication Domain Service", you say nothing about where the data is actually stored.  All of the examples I have found so far that deal with these assume the data is stored in some version of MS SQL.  I have been told that if I want to use a different RDBMS, such as MySQL, I have to make a customer authentication domain service.</p> <p>Now, creating a data model using a connection I have previously created to a schema in MySQL is trivially easy.  And I have created a test schema with a table to hold user credentials (along with an additional 'nickname'), a lookup table with role names, and a third to hold the many to many relations between users and roles.  Can you either tell me how to tell my custom authentication domain service to use it rather than look for a DB in MS SQL, or point me to a resource that shows how to do it?</p> <p>Thanks</p> <p>Ted</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4769 Ted http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 28 Oct 2010 06:52:25 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>Brian, thanks again.  I think I'll have to settle for using Windows auth.  I have tried it and it does work, but I wanted to avoid using the browser to establish the login, and let the Silverlight application do it.  We'll go that way for now.</p> <p>-Randy</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4764 hunsra http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Wed, 27 Oct 2010 22:14:33 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>Randy, since the AuthenticationService is a separate service, doing something there would not have an effect in the other services. 
That service just allows a security context to be set up that can then be returned to the client. In fact, if you don't need to do any authorization or personalization client side, you don't even need an authentication service, just the membership providers set up on the individual domain services host. </p> <p> For the impersonation thing, now that I think it through a little more, that would not work. Was remembering use of the WindowsIdentity in a scenario where you did have the full creds available. If you used Windows auth instead of Forms however, I think it might work, but again have not tried that part.</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4763 Brian Noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Wed, 27 Oct 2010 21:48:38 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization Brian, <p>Thank you for the quick response.  So, if I understand you correctly, it's not possible to customize the AuthenticationBase<User>-based authentication domain service class in some way so that when its Login() method is called the user is impersonated, right?</p> <p>To use your suggestion about establishing a WindowsPrincipal in the RIA service, how would the service discover the credentials used during the login operation?  The DomainServiceContext object passed to the Initialize() method includes a User property of the IPrincipal type, and that includes an Identity property of the IIdentity type.  
But that only includes the user name, not the password.</p> <p>Thanks for any help you can provide.</p> -Randy http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4761 hunsra http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Wed, 27 Oct 2010 21:20:42 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization Randy, In combination with the membership provider you could not impersonate. Even though the credentials are being validated against Windows, you are not establishing a WindowsPrincipal on the thread, which is required for Impersonation. In fact, RIA Services never establishes a thread principal, instead keeping the authorization context in its own service context. You could potentially set up your own WindowsPrincipal and establish it in the Initialize method of the service based on the credentials. I don't have a working sample of that, but have done it in the past through the WindowsIdentity class. http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4760 Brian Noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Wed, 27 Oct 2010 20:52:25 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization Hi Brian,<br /> <br /> Thank you for the excellent post.  It has helped to clear things up a bit for me.  I have a question related to the statements "... For the Windows case, you may require the user to enter a domain account on the client side because they could be working from a home or public computer that is not part of the domain ..." and "... You can collect the user credentials in either case before the Silverlight application launches through a web login form that uses normal Forms Authentication to pass the user credentials in a cookie, or by using RIA Services to pass the credentials from within the Silverlight application ..." 
you wrote in the post:<br /> <br /> If I want to use Windows credentials (i.e. a Windows username, domain, and password) instead of proprietary application credentials to authenticate users, but want to use the Silverlight application to collect them (rather than the browser), how would I get a WCF service to impersonate the given user?  I understand how I would implement the "ValidateUser" method in the CustomMembershipProvider class (call the Win32 LogonUser API), but I don't see how I would be able to impersonate the identity in a WCF service once the user has logged in.  Can you provide any insight?<br /> <br /> Thanks again!<br /> Randy http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4759 hunsra http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Wed, 27 Oct 2010 20:30:11 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>Hi Brian,</p> <p>Is it possible to use an ObjectDataSource in a Silverlight solution?  I'm creating a prototype for a customer, and they don't necessarily want a database, membership provider, etc. included in the prototype.  Yet, we want to demonstrate the Silverlight Business Application's login functionality, protecting some pages from unauthenticated users, etc.  How would you suggest we proceed with using authentication and not going with a SQL Membership provider?</p> <p>Thanks,</p> <p>Sid</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4681 schilders http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 14 Oct 2010 01:23:58 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>Hi Cleyton,</p> <p>Answered in both places just in case... :) Sorry, but just have had some schedule conflicts and priorities recently delaying me. 
Will have Part 8 out by end of October and Part 9 and 10 in November.</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4666 Brian Noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Wed, 13 Oct 2010 13:49:02 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>Sorry. I meant to write my message in this article:</p> <p>Hi,</p> <p>I would like to congratulate you on these articles. They are fantastic. Thanks for this brilliant series of articles. </p> <p>I really would like to learn how to test WCF RIA services and other stuff. </p> <p>When are you planning to finish the remaining articles?</p> <ol> <li>Debugging and Testing WCF RIA Services Applications </li> <li>Structuring WCF RIA Services Applications </li> <li>Exposing Additional Domain Service Endpoints for Other Clients </li> </ol> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4658 Cleyotn http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Wed, 13 Oct 2010 12:04:14 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>Brian, </p> <p>Can't wait for part-8 and part-9 and part-10 and 11... </p> <p>:)</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4647 eric yan http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Tue, 12 Oct 2010 08:31:40 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>Brian,</p> <p>I would like to moderate the "simple" statement in my last comment to "possible". Although it is possible to use CAS, the WCF Authentication Service provides services more compatible with WCF RIA. By using shared cookie management implemented in a WCF Message Inspector/Behavior it's possible to combine the two in a relatively seamless way. 
None of the WCF RIA samples I have found deal with this issue, maybe this could be a section in a future article that deals with distributed solutions/applications, where the primary client is Silverlight but also has secondary clients e.g. a desktop application.</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4632 Thomas t1 http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Fri, 08 Oct 2010 17:09:25 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>Thanks for the tip Brian, turns out it's simple after all :) One of the very useful features of WCF RIA, IMHO, is the ability to use the same domain service from Silverlight, ASP.NET and non-web applications, which I'll be able to do via the Client Application Services, thanks again!</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4584 Thomas t1 http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Tue, 28 Sep 2010 16:52:41 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>Thomas,</p> <p>Not really the right tool for the job in my opinion since you don't get any client side code generation to make the authentication service as useful. What you want to look at is "Client Application Services", which allows you to easily leverage Membership and Role providers in a different way in WPF and Windows Forms clients.</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4581 Brian Noyes http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Tue, 28 Sep 2010 16:40:46 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization Very useful posts! 
What I cannot seem to figure out, is how to authenticate a stand-alone application (WPF/Windows Forms) against the domain service, any hints on how to achieve this would be very useful as the authentication for non-SL clients is not very well documented IMHO, feel free to prove me wrong :) http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4580 Thomas t1 http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Tue, 28 Sep 2010 16:35:06 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>Great post Brian.</p> <p>@daniel</p> <p>You have to implement your own authentication service to take advantage of it.</p> <p>public class MyAuthenticationService : DomainService, IAuthentication<MyUser></p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4502 Kyle McClellan http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Fri, 17 Sep 2010 19:06:46 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>Hi. Good article as always.<br /> I have a question about sending custom data when logging in.</p> <p>The AuthenticationBase.Login method has a 'string customData' parameter, but this field seems to be ignored, and since it is not a virtual method, I can't override it. 
Is there a way to send custom data along with ID/Password when calling this method?</p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4492 daniel http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Fri, 17 Sep 2010 03:48:06 GMT RE: WCF RIA Services Part 7 - Authentication and Authorization <p>Hi Brian,</p> <p>In Step 4, in LoginForm childwindow code, you are putting LoginOperations errors inside a textbox (errortextblock).</p> <p>Can you show, instead of this direct input, how to raise validationresults so that a validationsummary control can catch all validations like "incorrect username" or "wrong password"?</p> <p>Also, is it possible to use MetaDataClasses on server side to put Validation Attributes like <Required()>, etc?</p> <p>Otherwise this post is great!!!</p> <p> </p> http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx#comment4488 Mahesh http://www.silverlightshow.net/items/WCF-RIA-Services-Part-7-Authentication-and-Authorization.aspx Thu, 16 Sep 2010 21:29:23 GMT