Silverlight and .NET RIA Services - Managing Users - silverlight

I am building a Silverlight 3 application that uses .NET RIA Services. This application is hosted in an ASP.NET application that uses the default aspnet_Membership tables. My Silverlight application requires users to login. If they are a member of a certain role, I want to allow them to manage the application's users.
Currently, I can authenticate a user and see what roles they belong to. However, I cannot figure out how to do other tasks handled by the ASP.NET MembershipProvider. Things like creating users, resetting their password, etc.
How do I do these types of things through a Silverlight application that uses .NET RIA Services?
Thank you!

Correct me if I am wrong, but as I checked MembershipProvider, there are already methods for Creating Users, Resetting Password, Changing Passwords or Deleting Users
Or probably you wanted to ask something else or probably the question is incomplete?

Related

How do I get forms authentication in silverlight to be more resilient?

I have a silverlight application backed by RIA services & EntityFramework. Users log in directly in the silverlight application. We have the [RequiresAuthentication] attribute on the DomainService and have implemented custom MembershipProvider/AuthenticationBase<UserBase> for custom authentication utilizing "forms authentication". All of this is working well to authenticate users.
The problem is that users with laptops using wifi will travel through the building and hand off between wifi access points. As soon as that handoff occurs, the users session is immediately terminated - with no notice to the user. I would like some way to make the session more resilient. Asp.Net's out-of-the-box forms authentication seems to do this well - as long as you are inside the session timeout and you haven't deleted your cookies, you are good to go regardless of any temporary connectivity issues. What can I do to get my Silverlight app to be at least as resilient as a standard asp.net app?
One thing that might be the issue, is that I haven't implemented many of the functions in the MembershipProvider - really only ApplicatinName and ValidateUser(). Could that be the source of my problem?

What are the alternatives to Windows security subsystem in .NET winforms applications

I'm about to start development work on .NET 4.0 winforms application running on top of a Microsoft SQL Server 2012 database.
The number of users supposed to use the application might be any where between 2 to 10 and the application should be able to run either on a single stand alone computer or in an intranet in a windows environment.
in case the application is run on a single computer, each user would log into the application (not into windows) and perform what ever tasks they are authorized to do and then log out of the application.
If the application is configured to run on a small intranet, each user would log into the application from there respective office computers and do what ever they are authorized to do.
So, the application can run on a single none networked machine, where a single windows login account is being shared by staff at the facility but i have a requirement to allow access to certain application functionality depending on who is logged into the application, NOT who is logged into windows as the account might just be shared.
I have previously deployed ASP.NET applications in networked environments and used the SQL Membership, Roles and Profiles provider for authentication and authorization While for winforms apps, i have relied on active directory authentication.
Now with this particular project, i am wondering what the best solution might be. Probably some one here has implemented a solution for such a scenario and can give advice.
I have looked at this http://www.codeproject.com/Articles/27670/Implementing-Application-Security-with-Client-Appl solution but i still want to hear from the SO masses.
ALSO, any recommendation for a better post Title is welcome.
Once I worked in a WinForm application which was supposed to run on intranet, each user would log into the application....and this application was using centralized web service to authentication and other CRUD operation....The service was mediator between WinForm app and DB.
The approach given in code project article which u mentioned in question...is also fine.
Anyway I also got curious here....As you said u are about to start development in .Net 4.0 Winform.....I would like to understand why you made this choice over WPF? What reasons u got to favor WinForm in your scenario ?

Silverlight Sharepoint 2010 web part windows authentication

I'm trying to authenticate my silverlight application to get windows user name, which then I use to get some further information. Have looked it up, but the answers I found were about configuring the web service to get it. Is there a way, to get windows credentials strictly in Silverlight? I cannot find .Credentials, the only thing I see is .ClientCredentials, but apparently it doesn't show the required information. I am getting the string "System.ServiceModel.Security.UserNamePasswordClientCredential". It actually allows me to set up the name, not retrieve it. Also there is a web service called authentication.asmx, but as before it applies to other purposes. Neither do I have any web service I could reference to and configure them. Or am I missing something? Perhaps I can retrieve the windows credential by NTLM or Kerberos? I am using Visual Web Developer 2010 Express with Silverlight 5.
My Experience is that the Membership framework that is present in the asp.net world is not available in silverlight. In order to achieve something similar I had to implement a web service (WCF) that was directed at the domain's active directory (ldap) server. Silverlight is a very strict framework in terms of interoperability, its good for security but has some limitations.
I am not sure about your level of knowledge of the active directory but here is a link that deal with a lot of the possible operations and has sample C# code to go along.
http://www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C#40a

.net winform talking to Silverlight

Im currently working on registration of our application. Basically we have a simple concurrent licensing system so when the user logs in we store their computer name and logon name to uniquely identify them. This is done from a simple winforms app that allows us to retrieve this data.
We now have a brother silverlight project that must work in the same licensing. The situation being that if a user logs into the winforms app they will use one license and if they log in on our silverlight app it will still use the one license because they are accessing it from the same computer.
The problem is that we cannot retrieve the clients machine and logon name with the silverlight application.
Can anybody think of a way of handling this? Or am i going bout it totally the wrong way.
Thanks
Forms or Windows authentication.
Once authenticated you can retrieve anything you want (such as user claims, user profile...etc) which is provided through a web service. This of course mean you are communicating with some database somewhere.

Impersonate User for Silverlight Unit Test

I'm attempting to write some tests using the Silverlight Unit Test Framework (the unsupported, unofficial MS library Microsoft.Silverlight.Testing). I need to impersonate three different users when testing some functionality of our application.
Our application is for internal use at our company, so the authenticated user may get different functionality based on security groups they are members of (e.g. read/write permission, read-only, no access).
The Microsoft.VisualStudio.TestTools.UnitTesting.Web namespace has the CredentialAttribute for impersonating different users when testing an ASP.NET app, but that's not available in Microsoft.Silverlight.Testing.
Any suggestions on how to accomplish this? The simplest working solution will win a prize (my never-ending appreciation)!
Everything in the Silverlight unit test framework (and Silverlight platform) is going to be truly client-side, so what you're talking about is changing the authenticated user to the server, and its web services, I assume.
That's a difficult task, instead I'd recommend mocking the business objects/logic to allow you to swap out the underlying user type for your testing.

Resources