CSLA Light intranet app authentication

CSLA Light intranet app authentication

Old forum URL: forums.lhotka.net/forums/t/6097.aspx

Afontan posted on Wednesday, January 07, 2009

Hi

I'm starting development of a Silverlight and CSLA Light app and don't know how to use Windows authentication. All samples have different authentication modes.

Regards,

Andres

 

 

 

ajj3085 replied on Wednesday, January 07, 2009

Usually you just use WindowsPrincipal and calling IsInRole... assuming of course you can get a WindowsPrincpal in Silverlight. 

Paul DeFrees replied on Wednesday, January 07, 2009

Silverlight does not have WindowsIdentity or WindowsPrincipal classes or any other implementations for that matter.  This is why the Silverlight version of CSLA contains CslaIdentity and BusinessPrincipalBase classes along with UnauthenticatedIdentity and UnauthenticatedPrincipal.  What I ended up doing was taking the security classes in the Rolodex example and modifiying them to autheticate the user using Directory Services.  I also assigned roles based upon Windows groups as well as what was stored in a database.  If you'd like to see what I've done, let me know.

sergeyb replied on Wednesday, January 07, 2009

Here are the instructions I had from the time this feature was developed.  You would need to inherit from Windows Identity when building Identity class.

 

Thanks.

 

 

How to setup CSLA for SL to use Windows Authentication

1.       Setup IIS to host WCF service for Data Portal and SL host web site.  The process does not seem to work on development IIS server.

2.       Setup virtual directory to use Integrated Windows authentication.  Disable anonymous access.

3.       Setup service model section in web.config for WCF hosted Data Portal in the following fashion in order to enable binding to send windows credentials:

4.       Important notes: you cannot use metadata exchange end point because mexHttpBinding does not support security settings

5.       If you are part of the domain, you must be logged on to the domain, either directly or via VPN.

 

<system.serviceModel>

<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />

<services>

           <service behaviorConfiguration="WcfPortalBehavior" name="Csla.Server.Hosts.Silverlight.WcfPortal">

                 <endpoint address="" binding="basicHttpBinding" contract="Csla.Server.Hosts.Silverlight.IWcfPortal" bindingConfiguration="MyBinding">

                       <identity>

                             <dns value="localhost"/>

                       </identity>

                 </endpoint>

                 <!--<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>-->

           </service>

     </services>

     <bindings>

           <basicHttpBinding>

                 <binding name="MyBinding">

                       <security mode="TransportCredentialOnly">

                             <transport clientCredentialType="Windows" />

                       </security>

                 </binding>

           </basicHttpBinding>

     </bindings>

 

<system.web>

<authentication mode="Windows"/>

            <identity impersonate="true"/>

 

 

Sergey Barskiy

Principal Consultant

office: 678.405.0687 | mobile: 404.388.1899

Magenic ®

Microsoft Worldwide Partner of the Year | Custom Development Solutions, Technical Innovation

 

From: Afontan [mailto:cslanet@lhotka.net]
Sent: Wednesday, January 07, 2009 9:34 AM
To: Sergey Barskiy
Subject: [CSLA .NET] CSLA Light intranet app authentication

 

Hi

I'm starting development of a Silverlight and CSLA Light app and don't know how to use Windows authentication. All samples have different authentication modes.

Regards,

Andres

 

 

 



RockfordLhotka replied on Wednesday, January 07, 2009

Look under this folder:

..\Source\cslalighttest\SecurityTest\WindowsAuthentication

Many of the authentication "sample code" is actually under the cslalighttest folder, because we had to write specific apps to test the various modes (due to IIS configuration, etc).

Copyright (c) Marimer LLC