Part 1, Silverlight Authentication & Role Validation
Jun 22, 2009
Login to Rate
:( Error
0
0
Summary
Welcome to the first part of building the AdventureWorks Ops business application. In this first part, we look at integrating authentication and authorization services provided by ASP.NET Application Services. Our goal is to leverage the included services that ASP.NET provides for the means of user authentication and role validation. ASP.NET provides these as a part of the runtime and also gives us a method of exposing these core features as Windows Communication Foundation (WCF) services. This video will walk you through the steps required and demonstrate how we set up logging in various users via Silverlight as well as using their role information to determine their application capabilities.
Topics Covered
- ASP.NET user Authentication & Role validation services
- Windows Communication Foundation (WCF) services
- LoginAsync
- RoleServices
Setting up the Services
To set up the services, we first have to have a web application to host them. Once we have that, we’ll enable the services as WCF endpoints. Let’s look at the Authentication service first (the process for Roles will be the same). First, in Visual Studio 2008, add a new item to the web project. Choose a Text File so that we don’t get all the stuff from the other WCF item templates (WCF Service and Silverlight-enabled WCF Service) initially…we’ll add our own information—you can call the file Auth.svc.
In the new text file, you’ll add one line as displayed here:
CS
1: <%@ ServiceHost Language="C#" Service="System.Web.ApplicationServices.AuthenticationService" %>
That’s it for the .svc file…we don’t need anything else in there. By indicating the Service attribute pointing to the class for our AuthenticationService, there is nothing more that this particular file needs as content…it is serving as an endpoint now.
Enabling the WCF contract
The next step is to provide the service information in the web.config of our ASP.NET application. We will need the system.serviceModel node there and add the behavior, bindings, services and ASP.NET compatibility child nodes to that. For our authentication service it looks like this:
CS
1: <system.serviceModel>
2: <behaviors>
3: <serviceBehaviors>
4: <behavior name="AppServicesBehavior">
5: <serviceMetadata httpGetEnabled="true"/>
6: </behavior>
7: </serviceBehaviors>
8: </behaviors>
9:
10: <bindings>
11: <basicHttpBinding>
12: <binding name="userHttp">
13:
14: <security mode="None"/>
15: </binding>
16: </basicHttpBinding>
17: </bindings>
18:
19: <services>
20: <service name="System.Web.ApplicationServices.AuthenticationService" behaviorConfiguration="AppServicesBehavior">
21: <endpoint contract="System.Web.ApplicationServices.AuthenticationService" binding="basicHttpBinding" bindingConfiguration="userHttp" bindingNamespace="http://asp.net/ApplicationServices/v200"/>
22: </service>
23: </services>
24:
25: <serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
26: </system.serviceModel>
By having this definition we’ve now completed the WCF configuration aspects of the service. Notice the basicHttpBinding type as that is the type that is currently supported in Silverlight. We now need to tell ASP.NET to enable these application services as scriptable services. We do this in the system.web.extensions node of the web.config and add this information:
CS
1: <system.web.extensions>
2: <scripting>
3: <webServices>
4: <authenticationService enabled="true" requireSSL="false"/>
5: </webServices>
6: </scripting>
7: </system.web.extensions>
Calling the Services
This now enables the service endpoint (Auth.svc file) to be called as a service and scriptable. Now when we call them we will follow the WCF asynchronous pattern for Silverlight. First in our Silverlight project, we will add Service Reference to our project and point to the Auth.svc endpoint that we’ve created.
Now in our LoginButton Click event handler we will call this code. We will instantiate a new AuthenticationServiceClient, which is an object that was generated for us as proxy code when we added the service reference in Visual Studio. We’ll add an event handler to the LoginCompleted event to process the result of our login attempt, and then we’ll call the Login command, which is actually LoginAsync. In our completed event handler, we’ll look at the result and act upon it. Our code will look somewhat like this:
CS
1: void LoginClicked(object sender, RoutedEventArgs e)
2: {
3: LoginProgress.Visibility = Visibility.Visible;
4: AuthenticationServiceClient auth = new AuthenticationServiceClient();
5: auth.LoginCompleted += new EventHandler<LoginCompletedEventArgs>(LoginCompleted);
6: auth.LoginAsync(UserName.Text, UserPassword.Password, string.Empty, true, UserName.Text);
7: }
8:
9: void LoginCompleted(object sender, LoginCompletedEventArgs e)
10: {
11: LoginProgress.Visibility = Visibility.Collapsed;
12: if (e.Error != null)
13: {
14:
15: }
16: else
17: {
18: if (!e.Result)
19: {
20:
21: }
22: else
23: {
24:
25: }
26: }
27: }
Tying it together
The video demonstrates tying all these together as well as enabling the RoleService and incorporating that into our application to determine functionality in our user interface. Take a look at the code for this first part to see how we were able to leverage the included features of ASP.NET Application Services in our Silverlight application. In the next part, we’ll use that same authorization information to secure our data service layer and implement data binding and editing in our Employee application.