More actions
Up Authenticate

Use ASP.NET security

Last modified on April 03, 2013 17:41
Contents

DevForce provides out-of-the-box integration with ASP.NET security features (Membership, Roles, Profile).  These features can be used in any application -- Silverlight, desktop, or ASP.NET.  If developing for Silverlight or ASP.NET, choosing ASP.NET security is often the right choice over a custom security implementation.  ASP.NET security is easy to use, highly configurable, and well-documented.  See http://www.asp.net/learn/security/ for information on ASP.NET security features.


Settings


In order to use ASP.NET security in DevForce you must set the UseAspNetSecurityServices flag in the web.config or server .config to enable it.  When enabled, DevForce will use the AspAuthenticatingLoginManager to handle login requests from clients.

XML
<objectServer>
  <serverSettings useAspNetSecurityServices="true" />
</objectServer>

You must also enable AspNetCompatibility  in order to allow the DevForce services to integrate with ASP.NET services. You set this in the system.serviceModel configuration section. Here's the relevant element in the system.serviceModel section:

XML
<system.serviceModel>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
</system.serviceModel>

You must enable the ASP.NET services you wish to use in the system.web configuration section of the config file, as well as choose the type of authentication wanted. These steps are described below.

Authentication

Authentication in ASP.NET can take either of two flavors – Forms or Windows. For either type of authentication, after a successful Login completes a UserBase instance representing the user is available on both client and server.

Forms Authentication

Forms authentication involves validating user credentials against a Membership provider.  The default provider uses a SQL Server Membership database, aspnetdb, to store user information.  ASP.NET also supplies a Membership provider for Active Directory, or you can write a custom provider.  

To use Forms authentication, specify this authentication mode in the system.web configuration section:

XML
<system.web>
  <authentication mode="Forms" />
</system.web>

In your application you can ask the user for login credentials and pass the credential in the Authenticator.Login call. DevForce will validate the credentials with the ASP.NET membership provider. If the user is authenticated, a FormsAuthenticationTicket is issued. If you want the ticket to be persistent you should pass a FormsAuthenticationLoginCredential in the Login call, since this credential allows you to set the persistence flag. 

You can also call Authenticator.Login with a null argument if your application accepts either persistent authentication tickets or the user has already logged in as part of the larger application.  

Windows Authentication

When using Windows authentication in ASP.NET the current Windows credentials of the client are transmitted to the server.  This can be used in intranet environments only.

To use Windows authentication, specify this authentication mode in the system.web configuration section:

XML
<system.web>
  <authentication mode="Windows" />
</system.web>

Note that additional configuration changes are required both in IIS and in the communications configuration in order to pass Windows credentials to the EntityServer.  These changes are discussed in the configuration topic.

On your client, call the Authenticator.Login method with a null credential.  The AspAuthenticatingLoginManager will check the HttpContext.Current.User for a WindowsPrincipal representing the user, and from that create a UserBase to be returned to the client.

Roles

You must enable the Role service in the configuration file in order to use this feature:

XML
<system.web>
  <roleManager enabled="true" />
</system.web>

With roles enabled, user role information will be obtained from the ASP.NET RoleProvider, and role-based authorization can be used in your application. Use UserBase.Roles to retrieve all roles for the user, and UserBase.IsInRole() to determine role membership.

Check the ASP.NET documentation for information on how to create and manage roles and assign users to roles.

Profile

You must enable the Profile service in the configuration file in order to use this feature, and define the profile properties wanted.  Here's a sample:

XML
<system.web>
  <profile enabled="true">
    <properties>
   <!-- Sample properties -->
      <add name="WindowSeat" type="bool" defaultValue="false" />
      <add name="Building" type="string" defaultValue="A" />
    </properties>
  </profile>
</system.web>

You also need to extend the UserBase class with the custom properties from your profile. DevForce will automatically populate these properties from the Profile if the property name and type match, and the setter is public. Your custom UserBase class must be serializable, since it will be transmitted between client and server tiers.  

Application Name

If relying on the application name for authentication you must explicitly set it in all membership providers:

XML
<system.web>
  <membership>
    <providers>
      <clear/>
      <add name="AspNetSqlMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="LocalSqlServer"
           enablePasswordRetrieval="false"
           enablePasswordReset="true"
           requiresQuestionAndAnswer="true"
           requiresUniqueEmail="false"
           passwordFormat="Hashed"
           maxInvalidPasswordAttempts="5"
           minRequiredPasswordLength="7"
           minRequiredNonalphanumericCharacters="1"
           passwordAttemptWindow="10"
           passwordStrengthRegularExpression=""
           applicationName="/MyDevForceApp" />
    </providers>
  </membership>
</system.web>

Customizations

Credentials (Forms authentication)

You can pass custom credentials, derived from ILoginCredential, LoginCredential, or FormsAuthenticationLoginCredential with the Login call. With custom credentials, you will generally also want to provide a custom IEntityLoginManager implementation to receive these credentials. If you wish to take advantage of existing DevForce ASP.NET service integration, you should derive your class from the AspAuthenticatingLoginManager and override methods as needed.

IEntityLoginManager

You can implement your own IEntityLoginManager or extend the AspAuthenticatingLoginManager to provide custom logic. Any custom implementation will be used if found.

UserBase

You can also extend the UserBase class. If you enable the ASP.NET Profile service you will want to use a custom UserBase which contains additional properties retrieved from the profile. DevForce will automatically return your custom UserBase (if found) without the need to implement a custom AspAuthenticatingLoginManager.

Troubleshooting

"Error using ASP.NET Membership: Unable to connect to SQL Server database." Message received on a Login call.

This will occur if the ASP.NET membership database cannot be found or opened. You must configure the ASP.NET membership provider if you wish to use ASP.NET security features, and by default the AspNetSqlProvider is used. This will use the LocalSqlServer connection string from either your web.config or the machine.config. The default connection expects a SQLExpress database named aspnetdb.mdf. For more information on configuring ASP.NET membership see the membership tutorials at http://www.asp.net/learn/security/ .

The default in the machine.config:

XML
<connectionStrings>
  <add name="LocalSqlServer" connectionString="data source=
    .\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;
    User Instance=true" providerName="System.Data.SqlClient"/>
</connectionStrings>

To override in your web.config, remove the old connection string and add the new connection string.  Here's a sample re-pointing the connection to the default instance of SQL Server on the machine:

XML
<connectionStrings>
  <remove name="LocalSqlServer" />
  <add name="LocalSqlServer" connectionString=
   "Data Source=.;Initial Catalog=aspnetdb;Integrated Security=True;"
    providerName="System.Data.SqlClient" />
</connectionStrings>

Can't find IdeaBlade.EntityModel.Web assembly
This assembly is automatically installed to web applications by the DevForce Server NuGet package.  If you need to reference this assembly in other application types you can find it under the ..\packages\IdeaBlade.DevForce.Server.7.x.y\tools\lib\net45 folder.


Created by DevForce on December 10, 2010 14:49

Navigation

Tag Cloud

  1. Data Binding
  2. Data Sources
  3. Design Views
  4. Validation
  5. Anonymous
  6. Architecture
  7. ASP.NET
  8. Asynchronous
  9. Attach
  10. Azure
  11. CacheQueryOptions
  12. Caching
  13. Closure
  14. Cocktail
  15. code first
  16. Code Generation
  17. Code Sample
  18. Concurrency
  19. Configure
  20. Cookbook
  21. Create
  22. Debug
  23. Delete
  24. Deploy
  25. DevForce 2010
  26. DevForce Classic
  27. DevForce-Caliburn framework
  28. Disconnect
  29. Discovery
  30. Display
  31. Dynamic query
  32. EDM
  33. EDMX
  34. Entity cache
  35. Entity Framework
  36. EntityAspect
  37. EntityCache
  38. EntityKey
  39. EntityKeyQuery
  40. EntityManager
  41. EntityProperty
  42. EntityQuery
  43. EntityQueryOperation
  44. EntitySaveOperation
  45. EntityServer
  46. EntityServerSaveInterceptor
  47. EntityState
  48. EntityVersion
  49. ESQL
  50. Exception
  51. Extensibility
  52. Extension
  53. Faking
  54. Fetching
  55. FetchStrategy
  56. Getting started
  57. IIS
  58. Include
  59. Interception
  60. iOS
  61. IVerifierProvider
  62. JavaScript
  63. LINQ
  64. Localization
  65. Log
  66. MEF
  67. MergeStrategy
  68. Metadata
  69. MetadataType
  70. Model
  71. Multi-threading
  72. MVVM
  73. Navigation
  74. NET Native
  75. Object Mapping
  76. OData
  77. Offline
  78. Paging
  79. Performance
  80. Persistence
  81. POCO
  82. Predicate
  83. PredicateBuilder
  84. PredicateDescription
  85. Prism
  86. Property Interceptors
  87. PropertySortSelector
  88. Push
  89. Query
  90. Query cache
  91. Query Inversion
  92. QueryStrategy
  93. Refetch
  94. Refresh
  95. Release Notes
  96. Sample Application
  97. Save
  98. SaveOptions
  99. SaveResult
  100. SaveStatus
  101. Saving
  102. Security
  103. Serialization
  104. Silverlight
  105. Stored Procedure
  106. Support
  107. Telerik
  108. Template
  109. Test
  110. ToQuery
  111. Tour
  112. Transactions
  113. Troubleshooting
  114. UAP
  115. UWP
  116. Validation
  117. Verifier
  118. VerifierEngine
  119. Video
  120. WCF
  121. Windows 10
  122. Windows Phone
  123. Windows Store
  124. WinForms
  125. WinRT
  126. WIP
  127. WPF

Spaces

 | 2009Documentation | Documentation

This wiki is licensed under a Creative Commons 2.0 license. XWiki Enterprise 3.2 - Documentation. Copyright © 2020 IdeaBlade