This is a mirror of official site: http://jasper-net.blogspot.com/

Integrating Security into Silverlight Applications

Thursday, May 19, 2011
Security is a key component of applications and something that developers often struggle to get right. How do you authenticate a user? How do you integrate roles and use them to show or hide different parts of a screen? These and other questions commonly come up as I talk with developers working on ASP.NET and Silverlight applications.

While I was presenting a workshop on Silverlight at the DevConnections conference in Orlando last March, an audience member asked me a question about how I handle security roles in Silverlight applications. Since I had just implemented a security mechanism for a customer, I gave a brief response but didn't have a sample application available to share to point people in the right direction. After the workshop was over, I put together a sample application to demonstrate one potential approach for accessing usernames and roles. I'll walk through the sample application in this article and highlight the key components.

The goal of the article isn't to dictate how to authenticate users, since every application has unique requirements. However, I will discuss general techniques for accessing usernames and working with roles to block access to views and show or hide controls.

Working with Security
Silverlight applications can take advantage of Windows and Forms authentication techniques and can integrate user roles into the mix as well. However, unless you use Windows Communication Foundation (WCF) RIA Services on the back end, you'll need to write the plumbing code to authenticate a user if you need to do so directly within the application. WCF RIA Services projects provide login and registration screens out of the box that leverage Forms authentication by default. You can view a walk-through of the WCF RIA Services authentication process.

WCF RIA Services also provides a means for accessing an authenticated user's username and roles by using a WebContext object. This isn't possible out of the box in a standard Silverlight application unless you write custom code to handle it. If WCF RIA Services is appropriate for your project, then it's a great way to go for handling data exchange and security tasks. If you won't be using WCF RIA Services, then this article will provide insight into other techniques that can be used.
