Dynamic switching of authentication mode

Old forum URL: forums.lhotka.net/forums/t/8784.aspx

vjmasin posted on Thursday, April 08, 2010

Is there any way I could dynamically switch the authentication mode between Windows and Custom? (My client is Silverlight). That way, those users who are in the domain could log in that way while users not in the domain could, say, provide a username and password. I would let the user choose which way they want to log in (like SqlServer does) but then would switch dynamically how I communicate with the server.

From what I see in CSLA you have to set the authentication mode in the web.config files. Is there a way I could change it dynamically in code on a per-thread basis?


RockfordLhotka replied on Thursday, April 08, 2010

If your client is Silverlight and your authentication is through the Silverlight app, then you are actually always using custom authn. The reason is that Silverlight has no concept of Windows authentication, so CSLA uses a special custom principal to simulate the process.

But if your user authenticates with the web site (using Windows auth) before the SL app launches, then you really are using Windows authentication, but it is ASP.NET, not Silverlight or CSLA, that is doing the authentication.

vjmasin replied on Saturday, April 10, 2010

I will be using OOB so I can't authenticate via ASP.NET.

When I switch to Windows authentication in CSLA I noticed on the server that it picked up my Windows credentials. Is that what you mean when you say that CSLA uses a special custom principal? Are you, under the covers, sending my Windows name?

Is there any way to use AD with a Silverlight OOB? It sounds like you are saying no.

RockfordLhotka replied on Saturday, April 10, 2010

OOB may be different, I haven't checked that.

But SL has no concept of Windows auth. None.

However, SL (when running on Windows) does use Windows networking to talk to the server. Windows networking can be set up to automatically provide your credentials to the server. My understanding is that there are several different ways that can work - but I'm not an IT Pro and really can't claim to understand all of them.

So if your server is identifying you as you, then Windows or your browser (or both) have provided the server with your credentials. Silverlight had nothing to do with it.

When you use the CSLA WindowsIdentity, what happens is that the CSLA WindowsIdentity object travels to the server, copies the Windows user information into its private fields and returns to the SL client. The SL client doesn't have the actual Windows identity object of course - that isn't serializable - but it has a CSLA object with a copy of the relevant data (username and groups/roles).
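
The copy step described in the last reply, sketched as an added example (not part of the thread and not CSLA's own code): a server-side `WindowsIdentity` is not serializable, so the username and group names are copied into a plain serializable object that can travel back to the client. The `IdentitySnapshot` type, its members and the `Demo` class are hypothetical names chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Runtime.Serialization;
using System.Security.Principal;

// Hypothetical DTO (not a CSLA type): a serializable copy of the Windows user data.
[DataContract]
public sealed class IdentitySnapshot
{
    [DataMember] public string Name { get; set; }
    [DataMember] public bool IsAuthenticated { get; set; }
    [DataMember] public List<string> Roles { get; set; }

    // Runs on the server, where Windows has already authenticated the caller.
    public static IdentitySnapshot FromWindowsIdentity(WindowsIdentity identity)
    {
        var snapshot = new IdentitySnapshot
        {
            Name = identity.Name,
            IsAuthenticated = identity.IsAuthenticated,
            Roles = new List<string>()
        };
        if (identity.Groups == null) return snapshot;
        foreach (IdentityReference group in identity.Groups)
        {
            try
            {
                // Translate the group SID into DOMAIN\Group form.
                snapshot.Roles.Add(group.Translate(typeof(NTAccount)).Value);
            }
            catch (IdentityNotMappedException)
            {
                // No resolvable account name for this SID: keep the SID string.
                snapshot.Roles.Add(group.Value);
            }
        }
        return snapshot;
    }
}

public static class Demo
{
    // Constructed demo: snapshots the Windows account this process runs as.
    public static void Main()
    {
        var s = IdentitySnapshot.FromWindowsIdentity(WindowsIdentity.GetCurrent());
        Console.WriteLine("{0}: {1}", s.Name, string.Join(", ", s.Roles));
    }
}
```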

Copyright (c) Marimer LLC