Search

A little bit of hidden gem in the Silverlight 4 release is the ability to modify the Authorization header in network calls. For most, the sheer ability to leverage network credentials in the networking stack will be enough.  But there are times when you may be working with an API that requires something other than basic authentication, but uses the Authorization HTTP header.

One of the recurrent questions people ask me in the forums is about the applying of security constraint to the applications being developed. The last releases of useful tools like WCF Ria Services added the capability of bringing the security context from the server to the plugin running into the browser. This let the developer to have the current logged-in user and his roles available to apply rules to elements of the user interface.

With WCF Ria Services you can create easily an AuthenticationDomainContext and when you make a reference to it from a Silverlight project you will have available a class named WebContext.

After my last blog post on “Create a Login Window in WPF”, I had a lot of requests for how to create the same login screen in Silverlight 3. There are actually just a few changes that had to be made to get the same look in feel in Silverlight 3.

With this post Bryant Likes aims to answer a question that came up in the Silverlight Forums about how to timeout a user when using .NET RIA Services.

Since I have implemented this before I thought I would share an approach I used. There might be a better way that is more integrated with the ASP.Net security, but for now this works.

To start with, you’ll need the Sample Application that Brad Abram has been building and blogging about and you might want to read through this post on Authentication in RIA Services before going any further. Once you have that and can build/run it on your machine you can continue on.

The data we work with in business application is valuable.  We need to protect the data.. sometimes by keeping up with exactly who accesses and updates what data when and other times we need to actively prevent data from being accessed expected by trust parties.   

The web is increasingly becoming a personal place – applications often “know about you” enabling users to having customized settings that work everywhere the apps works. 

You can find Brad's full series here.

The goals for this update are:

1. Show even more of a web like user model.  With the web, you often see all the links in the navigation, but the actual page only downloads once the user clicked the link. 
2. Lose coupling.  I need to be able to be able dynamically add, update even remove pages from my application without taking down the app and without rebuilding it.
3. Built in authentication.  In real business apps, we need to protect our data, so authentication is  very important. 

In this next post Al Pascual talks about security and authentication with .NET RIA Services. But first you better read the previous post from this series so you can catch up.

I have received many questions about the previous post of how the proxy files actually work. I was looking how .NET RIA Service connects ASP.NET and Silverlight, I was expecting the code that I call from Silverlight using the generated proxy file to call the ASP.NET in the server, yet this is not the case, .NET RIA Service makes a complete copy of the file and compiles it under Silverlight, so all the shared code is just that, 2 different classes, one running in ASP.NET and the other running in Silverlight. That’s why you need to make sure the classes you use in ASP.NET are 3.5 compatible.

Brad Abrams wants to use this post to focus on POCO as a data source. If you have missed the previous posts of the series here they are: 

• Part 1: Navigation Basics
• Part 2: Rich Data Query
• Part 3: Authentication
• Part 4: SEO, Export to Excel and Out of Browser
• Part 5: Astoria, Add Service Reference and WinForms
• Part 6: Data Transfer Objects (DTOs)
• Part 7: ADO.NET Data Services Based Data Store 
• Part 8: WCF Based Data Source

Some customers have asked about the “live” version I have running on one of Scott Haneslman’s servers (thanks Scott!) [..]

Scott gave me a FTP access and a web server, but I didn’t want to hassle with setting up a database (though he did offer).  So I thought I'd use the POCO support in RIA Services to just get data from plain old CLR objects.  Personally, I think far too many of our samples show only Entity Framework… So this is a good excuse to show that off.