Business Apps Example for Silverlight 3 RTM and .NET RIA Services July Update: Part 3: Authentication

Another update on my Mix09 talk, “building business applications with Silverlight 3”.

You can watch the original video of the full session.

The demo requires (all 100% free and always free):

  1. VS2008 SP1 (which includes SQL Express 2008)
  2. Silverlight 3 RTM
  3. .NET RIA Services July '09 Preview

Also, download the full demo files and check out the running application.

Today, we will talk about Authentication.

Business applications often access very important data.  It is important that you can audit, restrict and control access to your data.  Let’s look at how to use .NET RIA Services and SL3 to do that. 

Using the Silverlight Business Application Template, this is super easy to do. By default it is wired up to the ASP.NET authentication system, which offers a customizable user management system.

I’ll show this using Forms Auth; you can of course use Windows Auth with only very small tweaks to the template.

For this demo, I will show creating a new user, but if you already have a user base you can of course use that. 

Notice we get full validation here.  

And now, when we log in, the app knows who we are.

Notice all of this UX on the client is completely customizable as all the source code is right there in the project.  But the out of box experience is not bad for many apps. 

Now that we are logged in, let’s do something with that user data.  For example, let’s make it such that only logged in users can access the super employee data.  Edit the SuperEmployeeDomainService class on the server to add the RequiresAuthentication attribute.  There are other attributes for things like “in role” and there is a way to do this in code if you’d like. 

 [RequiresAuthentication]
 public IQueryable<SuperEmployee> GetSuperEmployees()

Now, when we run this app and we are not logged in, we get no data.  Notice this validation is done on the client for a good UX and again on the server to ensure security.

Then when we log in we get data!
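
The server-side half of that check, written out in code as an added example (it is not code from this post or from .NET RIA Services): a hypothetical SuperEmployeeService takes the caller's IPrincipal, refuses anonymous callers, and makes an "in role" check. The service class, the "Managers" role and the sample callers are assumptions; only standard System.Security.Principal types are used.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;

public class SuperEmployee { public int EmployeeID { get; set; } } // hypothetical stand-in entity
// Hypothetical service, not RIA Services code; 'caller' stands in for the request's principal.
public class SuperEmployeeService
{
    private readonly IPrincipal caller;
    private readonly List<SuperEmployee> store =
        new List<SuperEmployee> { new SuperEmployee { EmployeeID = 1 } }; // constructed row
    public SuperEmployeeService(IPrincipal caller) { this.caller = caller; }

    // Fail closed: no principal, no identity, or an anonymous identity is rejected.
    private void DemandAuthenticated()
    {
        if (caller == null || caller.Identity == null || !caller.Identity.IsAuthenticated)
            throw new UnauthorizedAccessException("Authentication required.");
    }

    public IQueryable<SuperEmployee> GetSuperEmployees()
    {
        DemandAuthenticated(); // enforced on the server, whatever the client UI did
        return store.AsQueryable();
    }

    // "In role" check done in code; the role name "Managers" is an assumption.
    public void DeleteSuperEmployee(int id)
    {
        DemandAuthenticated();
        if (!caller.IsInRole("Managers"))
            throw new UnauthorizedAccessException("Managers role required.");
        store.RemoveAll(e => e.EmployeeID == id);
    }
    private static string Try(Action call)
    {
        try { call(); return "allowed"; }
        catch (UnauthorizedAccessException ex) { return "denied: " + ex.Message; }
    }
    public static void Main()
    {
        var anonymous = new GenericPrincipal(new GenericIdentity(""), new string[0]); // empty name: unauthenticated
        var alice = new GenericPrincipal(new GenericIdentity("alice"), new[] { "Users" }); // constructed user
        Console.WriteLine(Try(() => new SuperEmployeeService(anonymous).GetSuperEmployees()));
        Console.WriteLine(Try(() => new SuperEmployeeService(alice).GetSuperEmployees()));
        Console.WriteLine(Try(() => new SuperEmployeeService(alice).DeleteSuperEmployee(1)));
    }
}
```

Because the checks run inside the service methods, a client that skips its own UI-side check is still refused by the server.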

Comments

  • Anonymous
    July 13, 2009
    Hi Brad, I want to know how I can display Arabic words in this example in right-to-left order. I tried to do this, but the order of the Arabic alphabet is from left to right. Thanks for these great posts.

  • Anonymous
    July 13, 2009
    Probably it is possible to improve the generated MyApp.Web.g.cs, as it now throws an exception in addition to attribute-based validation rules for "password".

  • Anonymous
    July 13, 2009
    Hi Brad, I just wanted to warn you that your screenshot thumbnails link to file://C:/Users/brada/AppData/...

  • Anonymous
    July 14, 2009
    Brad, This looks great. Looks like RIA Services is going in the right direction. I'm glad to see that it considers other aspects like security. I've seen the need to restrict access not only at a method level but also to some of the DataMembers (eg. you will have the same GetProduct method, but I want to send the cost only to Managers).

  • Anonymous
    July 14, 2009
    >> Probably it is possible to improve generated MyApp.Web.g.cs as now it throws exception in addition to attribute based validation rules for "password".
    Michael - we have been around this a few times, there is not an easy answer.. But do check out David's blog post on this: http://blog.davidyack.com/journal/2009/5/18/suppressing-validationexception-during-debugging.html

  • Anonymous
    July 15, 2009
    When using RIA Services July and Windows authentication, how do you get the RiaContext.Current.User.Roles populated from the domain/LDAP?

  • Anonymous
    July 15, 2009
    Figured out what I was missing... need to make sure I specified the provider in my web.config: defaultProvider="AspNetWindowsTokenRoleProvider"/>
    Full settings should be set under <system.web>:
    <authentication mode="Windows"/>
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"/>

  • Anonymous
    July 16, 2009
    Trying to use RIAServices Library. Have to remove ria link from the Silverlight project. Now riacontext is undefined. What do I need to do?

  • Anonymous
    July 16, 2009
    Edward -- yes, the RIA Link is required for codegen.. why did you have to remove it?

  • Anonymous
    July 16, 2009
    Reading (scanning really, so that's probably the problem) the July 2009 docs on RIA. Probably confused. On page 133 -- it says the 'Enable RIA Services' option in the Silverlight library project has been enabled to create a RIA Link with the mid-tier class library. --- Mine still has a link to the .Web and there is not one available for the service library. So on page 143 it says 'The astute reader may have noticed .... the RIA Link was missing between Silverlight apps and Web App'. On page 145 it says '... if your application involves multiple domain services or ..... consider using .NET RIA class libraries and remove the RIA Link between the client and Web application projects'.

  • Anonymous
    July 17, 2009
    Brad, like Edward I would prefer to use the RIA .Net Set Class Libraries rather than having a link to the Web Application. I too do not get a RIAContext generated. Any chance you could update your example to show how authentication would work when using Class Libraries instead of having a RIA link to the Server Web application?

  • Anonymous
    July 17, 2009
    Richie -- yes.. I am working on a class library example..

  • Anonymous
    July 18, 2009
    In terms of modularity (Prism v2) I believe being able to support Authentication as part of a Service Class Library is a must. The problems I had were with regard to the ContextType of the RiaContext not being set, and as such I was getting an Object Reference Not Set error. Thanks Brad, I really appreciate it.

  • Anonymous
    July 18, 2009
    Brad, to separate exceptions from validation errors, we are using an Attached Behaviour that will take the Binding object, and then check if the Source object has any validation errors registered for the Source property of the binding and, based on that, go to the appropriate state. In our case we have a dictionary of properties with a list of validation errors. That's the list we'll check to see if there's any problem with the bindings. The other benefit, apart from not having to deal with Exceptions in the ViewModel or other code, is that we can defer some of the validations to run in the background when we click save, or even get errors from Server Side validations: we could send the object, get it back, update the DataContext and read the list of validation errors generated in the server. Of course this is just the strategy and this option can vary from app to app, but the AttachedBehaviour gives us the option to plug in any strategy.

  • Anonymous
    July 27, 2009
    Wow, a lot of words!!!  I'm wondering if there is a story around GetSuperEmployee(WithParameters). I always find the WithParameters is where it gets hard.  I currently use a query class that seems to get bigger and bigger, but then at least I don't have 300 individual methods with different combinations of parameters I can never seem to remember. Thanks for writing all this.

  • Anonymous
    August 07, 2009
    Hi - I don't like the idea of an exception or showing a blank screen if authentication fails. Wouldn't the best way to implement a scenario like this in a LOB application be to not show the menu option to get to the data until the user is authenticated? Just my 2 cents. Jim

  • Anonymous
    August 09, 2009
    I agree with Jim Evans. When no data is shown, it is unclear if it's a bug or a 'not authenticated' state. I would prefer to hide the menu item. Henri

  • Anonymous
    August 11, 2009
    Brad, is there any way of refreshing the displayed page after the user logs in? e.g. to show unlogged in text and then different logged in text? Great tutorial series by the way.

  • Anonymous
    August 11, 2009
    Figured it out. Hooked into the AuthenticationService events for logged in and out. Copied them from the code behind for LoginControl.xaml

  • Anonymous
    September 19, 2009
    Hi! I would add some custom properties to UserBase class; it works with "simple" types (string,int,DateTime,...), but it doesn't work with custom types. "Code-generator" doesn't create properties at client-side.