Good day!
I have an silverlight site (silverlight navigation application) and I want clients to log in on my site. I want to give them different rights of viewing pages.
A WCF service gives me true or false when I enter a login and a password. Then, if it returns true, I want to remember the logged user. How can I do it? Using cookies or global variable or something else?
You should look at WCF RIA Service in a combination with the ASP.NET Membership Provider.
There is also a Template for an AuthenticationService...
Examples here:
http://blogs.msdn.com/brada/archive/2010/03/26/silverlight-4-ria-services-ready-for-business-authentication-and-personalization.aspx
http://blogs.msdn.com/brada/archive/2008/05/03/accessing-the-asp-net-authentication-profile-and-role-service-in-silverlight.aspx
Although www.codeproject.com/KB/silverlight/SL3WindowsIdentityName.aspx is based upon Windows Authentication, could you not adapt the first part of it for your needs?
Related
I have a silverlight application. I want the user to be able to logon using their windows credentials or better yet not have to logon at all, the application will just know who they are and approve them based on their user name.
Possible? If so then how?
Yes it is possible but not directly with Silverlight, you must use ASP.NET authentication for that.
Just create a separated webservice that is using Windows Integrated Authentication to get your data then the user validation will be on the server.
Heres two good article on how to do it :
http://msdn.microsoft.com/en-us/library/dd744835(v=vs.95).aspx
http://msdn.microsoft.com/en-us/magazine/ff646975.aspx
I m building a multi-tenant mvc application hosted in windows azure.
I would like to leverage access control service to allow user to get authenticated thanks to google, facebook, live id etc...
I managed to get a simple authentication working with a postback url that is configured in the Relying Party Application Settings.
but in my scenario it is more like that:
client1.mydomain.com/login or client1.com/login will go to the the providers pages select let's say google then he will sign in and then he will be redirected to client1.mydomain.com/Admin or client1.com/Admin
how can I achive that for any clients? should I add a relying party application for each client? can it be done by code? Is it ok with facebook?
I would like also the admin panel to be in silverlight, once the client is authenticated will he remain authenticated in the silverlight app?
Thank you by advance for any help or links that can help.
Fred
To answer your questions I would say yes to all. Each application would have to be set up as a relying party. So you would need to configure your app to use WIF and point to your Azure ACS.
All of these scenarios are covered in the Microsoft identity developer training kit.
Hopes this helps.
I have created Silverlight Login Page. I use PasswordBox in that page and use this solution to do MVVM in my application. BTW after I read this answer I realize that current solution is not secure.
I want to know how can I improve security in my solution even though it will break MVVM.
You should send the password over HTTPS. The Session ID should also be transmitted over HTTPS at all times or you would be violating OWASP A9 - Insufficient Transport Layer Protection.
I always consider my Silverlight applications in the context of the website they're running on. So, if the user logs into the website, I don't want them to have to login again when they get to the Silverlight app that runs from the website.
As such, I do not have a login screen in my Silverlight app. The folder that contains the Silverlight app redirects back to the ASP.Net login page and the user logs in there before ever entering the Silverlight app. Once that is done, the Silverlight app can get the user's details by making a request to the server.
I started a Silverlight 4 RIA Services application with the Navigation Application template,
instead of the Business Application template.
Now I want to add authentication to that application (to protect a page from unauthenticated users)
I've added an AuthenticationService to the project,
but I'm not sure what the steps are now to get it actually working and there doesn't seem to be a way to "upgrade" to the business application template.
I can add the [RequiresAuthentication] attribute to some of the normal service methods,
but I cannot figure out how to allow the user to log in or prevent a user from opening a specific page.
Is there any guidance for an "upgrade" like this?
You need to configure the hosting ASP.Net App to enable forms authentication, which will probably require the configuration of an authentication provider.
Try this
http://msdn.microsoft.com/en-us/library/ee707353(VS.91).aspx
edit: doh moments too late ;)
I'd like to use Google AppEngine with Silverlight client. I'm hoping to use the Google login authentication mechanism within the Silverlight client. Is this possible? Does anyone have any example sites where a RIA client used in conjunction with Google AppEngine security?
Thanks.
You need to have your users log in via a regular HTML page, then send them to the page with the silverlight client. Anything else would be encouraging users to enter their credentials into a third-party site, which is a Bad Idea.
I really don't believe that is true, meaning if you have an installed application Google has a login that allows you to enter username and pwd in your application. I believe silverlight is closer to windows application. Here is the login mechanism
http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html