I am having difficulty setting up proper security around the web service data portal. If I allow anonymous access in IIS, everything works great using csla, however, that will not fly in my environment so I need to figure out security. I have read through Rocky's book(approx 8hrs worth), reviewed the sample app, and searched the forums, yet I still have not figure this problem out. However, from reading the forums I get a feeling that alot of newbies have ancountered similiar problems around a "known issue"; but I am not sure what version of the csla they were working on and what the exact nature of the known issue was. So, here is what I am encountering:
In Win Client config: <
add key="CslaAuthentication" value="Windows" />In Web Data portal proxy config: <add key="CslaAuthentication" value="Windows"/>
In Form_Load of test form in win client: AppDomain.CurrentDomain.SetPrincipalPolicy( _
System.Security.Principal.PrincipalPolicy.WindowsPrincipal)
I am not sure what I am doing wrong but I am stuck and need to push forward. I am setting up the application skeleton at this point as a proof of concept in using the csla in our environment. I would like to use winodws authentication and a custom role based authentication (hybrid); but for now I simply want to get the basic window security working. I have worked in .net web apps for 6yrs but never has to tackle the security end of things. Any help would be appreciated. Thanks!
I solved my problem by adding the UseDefaultCredentials equal to true to the WebServicesProxy Facoty Function, line 19:
Public Class WebServicesProxy
Implements DataPortalClient.IDataPortalProxy
Private Function GetPortal() As WebServiceHost.WebServicePortal
Dim wsvc As New WebServiceHost.WebServicePortal
wsvc.Url = ApplicationContext.DataPortalUrl.ToString
wsvc.UseDefaultCredentials = True
....
This solved the problem, though I do not like having to edit the CSLA core to do it. If someone has a better solution please provide.
Best,
Joey
Copyright (c) Marimer LLC