Authentication v4.1

Authentication v4.1

Old forum URL:

enzed posted on Thursday, January 27, 2011

Does the authorization work - I'm having a wierd issue in the latest code base. It's wants to deserialise the principal server side but for some reason it tries to create an instance based on the client side version.  It can't find this server side.

Is there an obvious flaw I've introduced?

RockfordLhotka replied on Thursday, January 27, 2011

CSLA has always serialized the client-side principal/identity to the server if you use custom authentication, this is not new.

If you use Windows authn then CSLA doesn't try to serialize the principal, because WindowsPrincipal can't be serialized, and by using Windows authn you are telling CSLA that you want Windows to do the impersonation at the operating system level.

With Silverlight/WP7 clients the only authn model is "custom" because SL has no concept of things like a WindowsPrincipal. CSLA does include a "WindowsPrincipal" type for Silverlight, that understands how to go to the server, pull out all the information from the real server principal and return to the client. Basically we have infrastructure that helps you clone the server principal to the client. The same is true for ASP.NET MembershipProvider authn.

Copyright (c) Marimer LLC