Using Silverlight with Windows Credentials - silverlight

I have a Silverlight application. I want the user to be able to log on using their Windows credentials or, better yet, not have to log on at all; the application will just know who they are and approve them based on their user name.
Possible? If so then how?

Yes, it is possible, but not directly with Silverlight; you must use ASP.NET authentication for that.
Just create a separate web service that uses Windows Integrated Authentication to get your data; the user validation will then be on the server.
Here are two good articles on how to do it:
http://msdn.microsoft.com/en-us/library/dd744835(v=vs.95).aspx
http://msdn.microsoft.com/en-us/magazine/ff646975.aspx

Related

Apply ADF Security with WWW-Authenticate NTLM

I am developing an application in Oracle ADF that needs to apply a user login authentication.
The security protocol followed by the company is to read the username from the Windows credentials and check whether that username exists in a certain database table. The applications that use this policy are usually JSP or .NET applications and do this by setting response.setHeader("WWW-Authenticate", "NTLM"), which pops up the authentication dialog, then reading the username entered and calling an SQL query to check whether that username exists in the database and to check the role.
I need to implement that in ADF and I cannot find a way to do so. All the information that I've found is about configuring realms in WebLogic and using an SQLAuthenticate on the WebLogic server.
I tried putting the code in a managed bean using beforePhase on the view and it didn't work.
What can I do?

You have three ways to accomplish this (one of them will cost you money!):
1. Check this Question and this java library and create a Servlet for the authentication behavior, but this way you won't be able to make ADF Security work, and you will have to implement security yourself.
2. Check this article and that article to enable Kerberos with WebLogic, and in your ADF application's web.xml set the security to CLIENT-CERT; if you manage to do that, ADF Security should work fine.
3. Consider using the Oracle Single Sign-On solution, which will require you to pay for a license.
PS: All these solutions will only work on IE & Chrome out of the box; you will have to make some configuration changes to make them work with Firefox.

Silverlight and WCF with Windows Authentication

I am writing a Silverlight client and a WCF Service library solution in an Intranet environment.
As I understand it, if I set up Windows Authentication then calls to the service methods will only succeed if the caller is Authenticated in Windows and I do not need to write code to provide user credentials. I have several questions around this.
Am I correct?
I have been asked to make my application time out (as is often done with Internet applications) making the user log in again. However, I have enabled 'Integrated Windows Authentication' in advanced IE options and 'Automatic logon only in Intranet Zone' in the Security section. Effectively, now the user does not login to my application but to IE and Silverlight passes these credentials automatically to the WCF Service. I can change to 'Prompt for username and password' but then the credentials are only lost when IE is closed which I cannot do on a timeout. Even if I could I would have to close all IE opened Windows that were participating in the Intranet zone as the authentication seems to be shared amongst them.
Is it possible to impersonate another user? I have seen code to do this from a Windows application, but the IntelliSense when using Silverlight does not seem to provide the same functionality.

As far as I know, you use IIS Windows Authentication. WCF services can be configured independently and they have security based on Windows identity too, but they are a bit more difficult than the traditional approach.
Your questions:
1. To disable anonymous users and allow only those users who are authenticated in Windows, you can write the following code:
<system.web>
  <authorization>
    <!-- "?" matches anonymous (unauthenticated) users -->
    <deny users="?"/>
  </authorization>
</system.web>
After that, user credentials will be required and passed automatically, and you don't need to send them from the client application.
If anonymous authentication is disabled in IIS, everything will work without extra code.
2. It's OK; IE and Chrome, unlike Firefox, don't require credentials every time a user opens a web page. If you want to refresh the state of the application after a timeout, you can do it without requesting credentials, for example using something like a MessageBox.
3. Impersonation works only on the server side. But it's possible to write the necessary code in a WCF service and call it from a Silverlight client.

WPF integrate Windows Live authentication for Microsoft HealthVault

I'm just wondering if there's any way to integrate a WPF application with Windows Live ID.
It's actually for Windows HealthVault [www.healthvault.com].
HealthVault uses Windows Live ID or OpenID to log in to their system.
What I'm going to do is create a WPF application (instead of a web application) for HealthVault, so that the login form, username, password and everything else is handled inside the WPF application without showing or using any internet browser.
Since this is quite new for me, I hope somebody has done this before, especially for a HealthVault system that runs as a standalone WPF app.
Alright, that's it.
Thank you in advance!

You need to use "offline" authentication instead of "online" authentication.
Online authentication requires the user to log in every time through a web browser. This is good for web applications, but not good for applications like yours.
Offline authentication lets your application access the user's HealthVault record any time it wants to. The user never has to login. To use this, the user must go through a one time connection process. This is done using a connect-request. After the user goes through this process, your application is given two authentication tokens: a person-id and a record-id. These are what your application uses to connect to the user's HealthVault record, so they should be saved to a database or somewhere similar.
This MSDN page should help: http://msdn.microsoft.com/en-us/healthvault/cc507205.aspx

Silverlight authentication

Good day!
I have a Silverlight site (Silverlight navigation application) and I want clients to log in on my site. I want to give them different rights for viewing pages.
A WCF service gives me true or false when I enter a login and a password. Then, if it returns true, I want to remember the logged user. How can I do it? Using cookies or global variable or something else?

You should look at WCF RIA Services in combination with the ASP.NET Membership Provider.
There is also a Template for an AuthenticationService...
Examples here:
http://blogs.msdn.com/brada/archive/2010/03/26/silverlight-4-ria-services-ready-for-business-authentication-and-personalization.aspx
http://blogs.msdn.com/brada/archive/2008/05/03/accessing-the-asp-net-authentication-profile-and-role-service-in-silverlight.aspx

Although www.codeproject.com/KB/silverlight/SL3WindowsIdentityName.aspx is based upon Windows Authentication, could you not adapt the first part of it for your needs?

SSO for Silverlight 3 and WinForms application

I need Single Sign On for two types of application: Silverlight 3 and Windows Forms.
Do you have any advice about how I could implement this?
Windows authentication is one possible solution. Any other?
Thanks
Best regards

Is the user authenticating through a Windows domain? If so, you could use the domain credentials from both IIS (assuming that will host web services for Silverlight) and your WinForms application.
On the IIS side you would use Windows authentication for the web site hosting the Silverlight application.
You can get the current user with WindowsIdentity.GetCurrent(). From there you can get the username, etc., and map that security context to your application's internal authorization.
The overall idea here is that the single sign-on would occur when the user logged into their workstation, and both the Winforms and IIS (Silverlight) would use that security context.
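
The server-side pattern that this answer and the WCF answer further up describe (the service reads the caller's Windows identity and maps it to the application's own authorization) can look like the following. This is an added example, not code from any of the posts; the service contract, the role table and the EXAMPLE\ accounts are hypothetical, and it assumes the endpoint is hosted with Windows authentication enabled and anonymous access disabled.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.ServiceModel;

[ServiceContract]
public interface IReportService   // hypothetical contract called by the Silverlight client
{
    [OperationContract] string WhoAmI();
    [OperationContract] string GetPayrollReport();
}

public class ReportService : IReportService
{
    // Constructed sample data standing in for the application's user/role table.
    private static readonly Dictionary<string, string[]> RolesByAccount =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { @"EXAMPLE\alice", new[] { "Viewer", "Payroll" } },
            { @"EXAMPLE\bob",   new[] { "Viewer" } },
        };

    // The account name is taken from the authenticated transport, never from
    // a parameter or header that the client application could set itself.
    private static string CallerAccount()
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx == null || ctx.IsAnonymous || ctx.WindowsIdentity == null
            || !ctx.WindowsIdentity.IsAuthenticated)
            throw new SecurityException("Windows authentication required.");
        return ctx.WindowsIdentity.Name;   // DOMAIN\user
    }

    // Deny by default: unknown accounts and missing roles are both rejected.
    private static void Demand(string role)
    {
        string[] roles;
        if (!RolesByAccount.TryGetValue(CallerAccount(), out roles)
            || Array.IndexOf(roles, role) < 0)
            throw new SecurityException("Caller is not authorized for this operation.");
    }

    public string WhoAmI() { return CallerAccount(); }

    public string GetPayrollReport()
    {
        Demand("Payroll");              // check runs on the server for every call
        return "payroll report";        // placeholder result
    }
}
```

Hiding a page in the Silverlight UI is only cosmetic; the check has to sit in each service operation, because the client can call any exposed operation directly.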
