More actions
Up Authenticate

Use ASP.NET security

Last modified on August 15, 2012 17:20
Contents

DevForce provides out-of-the-box integration with ASP.NET security features (Membership, Roles, Profile).  These features can be used in any application -- Silverlight, desktop, or ASP.NET.  If developing for Silverlight or ASP.NET, choosing ASP.NET security is often the right choice over a custom security implementation.  ASP.NET security is easy to use, highly configurable, and well-documented.  See http://www.asp.net/learn/security/ for information on ASP.NET security features.

For Silverlight applications, DevForce provides Visual Studio project templates for a "DevForce Silverlight Business Application" which automatically use ASP.NET security features without any additional work or configuration required on your part.  See the Business Application Templates for more information.

In order to use ASP.NET security in DevForce you must set the UseAspNetSecurityServices flag in the web.config or server .config to enable it.  When enabled, DevForce will use the AspAuthenticatingLoginManager to handle login requests from clients.

XML
<objectServer>
  <serverSettings useAspNetSecurityServices="true" />
</objectServer>

You must also enable AspNetCompatibility  in order to allow the DevForce services to integrate with ASP.NET services. You set this in the system.serviceModel configuration section. Here's the relevant element in the system.serviceModel section:

XML
<system.serviceModel>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
</system.serviceModel>

You must enable the ASP.NET services you wish to use in the system.web configuration section of the config file, as well as choose the type of authentication wanted. These steps are described below.

Authentication

Authentication in ASP.NET can take either of two flavors – Forms or Windows. For either type of authentication, after a successful Login completes a UserBase instance representing the user is available on both client and server.

Forms Authentication

Forms authentication involves validating user credentials against a Membership provider.  The default provider uses a SQL Server Membership database, aspnetdb, to store user information.  ASP.NET also supplies a Membership provider for Active Directory, or you can write a custom provider.  

To use Forms authentication, specify this authentication mode in the system.web configuration section:

XML
<system.web>
  <authentication mode="Forms" />
</system.web>

In your application you can ask the user for login credentials and pass the credential in the EntityManager.Login call. DevForce will validate the credentials with the ASP.NET membership provider. If the user is authenticated, a FormsAuthenticationTicket is issued. If you want the ticket to be persistent you should pass a FormsAuthenticationLoginCredential in the Login call, since this credential allows you to set the persistence flag. 

You can also call EntityManager.Login with a null argument if your application accepts either persistent authentication tickets or the user has already logged in as part of the larger application.  

Windows Authentication

When using Windows authentication in ASP.NET the current Windows credentials of the client are transmitted to the server.  This can be used in intranet environments only.

To use Windows authentication, specify this authentication mode in the system.web configuration section:

XML
<system.web>
  <authentication mode="Windows" />
</system.web>

Note that additional configuration changes are required both in IIS and in the communications configuration in order to pass Windows credentials to the EntityServer.  These changes are discussed in the configuration topic.

On your client, call the EntityManager.Login method with a null credential.  The AspNetAuthenticatingLoginManager will check the HttpContext.Current.User for a WindowsPrincipal representing the user, and from that create a UserBase to be returned to the client.

Roles

You must enable the Role service in the configuration file in order to use this feature:

XML
<system.web>
  <roleManager enabled="true" />
</system.web>

With roles enabled, user role information will be obtained from the ASP.NET RoleProvider, and role-based authorization can be used in your application. Use UserBase.Roles to retrieve all roles for the user, and UserBase.IsInRole() to determine role membership.

Check the ASP.NET documentation for information on how to create and manage roles and assign users to roles.

Profile

You must enable the Profile service in the configuration file in order to use this feature, and define the profile properties wanted.  Here's a sample:

XML
<system.web>
  <profile enabled="true">
    <properties>
   <!-- Sample properties -->
      <add name="WindowSeat" type="bool" defaultValue="false" />
      <add name="Building" type="string" defaultValue="A" />
    </properties>
  </profile>
</system.web>

You also need to extend the UserBase class with the custom properties from your profile. DevForce will automatically populate these properties from the Profile if the property name and type match, and the setter is public. Your custom UserBase class must be serializable, since it will be transmitted between client and server tiers.  The DevForce Business Application project template for Visual Studio uses the Profile service and shows a sample User class which extends the UserBase with a Profile property. 

Application Name

If relying on the application name for authentication you must explicitly set it in all membership providers:

XML
<system.web>
  <membership>
    <providers>
      <clear/>
      <add name="AspNetSqlMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="LocalSqlServer"
           enablePasswordRetrieval="false"
           enablePasswordReset="true"
           requiresQuestionAndAnswer="true"
           requiresUniqueEmail="false"
           passwordFormat="Hashed"
           maxInvalidPasswordAttempts="5"
           minRequiredPasswordLength="7"
           minRequiredNonalphanumericCharacters="1"
           passwordAttemptWindow="10"
           passwordStrengthRegularExpression=""
           applicationName="/MyDevForceApp" />
    </providers>
  </membership>
</system.web>

Customizations

Credentials (Forms authentication)

You can pass custom credentials, derived from ILoginCredential, LoginCredential, or FormsAuthenticationLoginCredential with the Login call. With custom credentials, you will generally also want to provide a custom IEntityLoginManager implementation to receive these credentials. If you wish to take advantage of existing DevForce ASP.NET service integration, you should derive your class from the AspNetAuthenticatingLoginManager and override methods as needed.

IEntityLoginManager

You can implement your own IEntityLoginManager or extend the AspNetAuthenticatingLoginManager to provide custom logic. Any custom implementation will be used if found.

UserBase

You can also extend the UserBase class. If you enable the ASP.NET Profile service you will want to use a custom UserBase which contains additional properties retrieved from the profile. DevForce will automatically return your custom UserBase (if found) without the need to implement a custom AspNetAuthenticatingLoginManager.

Troubleshooting

"Error using ASP.NET Membership: Unable to connect to SQL Server database." Message received on a Login call.

This will occur if the ASP.NET membership database cannot be found or opened. You must configure the ASP.NET membership provider if you wish to use ASP.NET security features, and by default the AspNetSqlProvider is used. This will use the LocalSqlServer connection string from either your web.config or the machine.config. The default connection expects a SQLExpress database named aspnetdb.mdf. For more information on configuring ASP.NET membership see the membership tutorials at http://www.asp.net/learn/security/ .

The default in the machine.config:

XML
<connectionStrings>
  <add name="LocalSqlServer" connectionString="data source=
    .\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;
    User Instance=true" providerName="System.Data.SqlClient"/>
</connectionStrings>

To override in your web.config, remove the old connection string and add the new connection string.  Here's a sample re-pointing the connection to the default instance of SQL Server on the machine:

XML
<connectionStrings>
  <remove name="LocalSqlServer" />
  <add name="LocalSqlServer" connectionString=
   "Data Source=.;Initial Catalog=aspnetdb;Integrated Security=True;"
    providerName="System.Data.SqlClient" />
</connectionStrings>
Created by DevForce on December 10, 2010 14:49

Navigation

Tag Cloud

  1. Data Binding
  2. Data Sources
  3. Design Views
  4. Validation
  5. Anonymous
  6. Architecture
  7. ASP.NET
  8. Asynchronous
  9. Attach
  10. Azure
  11. CacheQueryOptions
  12. Caching
  13. Closure
  14. Cocktail
  15. code first
  16. Code Generation
  17. Code Sample
  18. Concurrency
  19. Configure
  20. Cookbook
  21. Coroutine
  22. Create
  23. Debug
  24. Delete
  25. Deploy
  26. DevForce 2012
  27. DevForce-Caliburn framework
  28. Disconnect
  29. Discovery
  30. Display
  31. Dynamic query
  32. EDM
  33. EDMX
  34. Entity cache
  35. Entity Framework
  36. EntityAspect
  37. EntityCache
  38. EntityKey
  39. EntityKeyQuery
  40. EntityManager
  41. EntityProperty
  42. EntityQuery
  43. EntityQueryOperation
  44. EntitySaveOperation
  45. EntityServer
  46. EntityServerSaveInterceptor
  47. EntityState
  48. EntityVersion
  49. ESQL
  50. Exception
  51. Extensibility
  52. Extension
  53. Faking
  54. Fetching
  55. FetchStrategy
  56. IIS
  57. Include
  58. Interception
  59. iOS
  60. IVerifierProvider
  61. JavaScript
  62. LINQ
  63. Localization
  64. Log
  65. MEF
  66. MergeStrategy
  67. Metadata
  68. MetadataType
  69. Model
  70. Multi-threading
  71. MVVM
  72. Navigation
  73. Object Mapping
  74. ObjectDataSource
  75. OData
  76. Offline
  77. Paging
  78. Performance
  79. Persistence
  80. POCO
  81. Predicate
  82. PredicateBuilder
  83. PredicateDescription
  84. Prism
  85. Property Interceptors
  86. PropertySortSelector
  87. Push
  88. Query
  89. Query cache
  90. Query Inversion
  91. QueryStrategy
  92. Refetch
  93. Refresh
  94. Release Notes
  95. Sample Application
  96. Save
  97. SaveOptions
  98. SaveResult
  99. SaveStatus
  100. Saving
  101. Security
  102. Serialization
  103. Silverlight
  104. Stored Procedure
  105. Telerik
  106. Template
  107. Test
  108. ToQuery
  109. Tour
  110. Transactions
  111. Troubleshooting
  112. Validation
  113. Verifier
  114. VerifierEngine
  115. Video
  116. Visual Studio
  117. WCF
  118. WinForms
  119. WIP
  120. WPF

Spaces

 | 2009Documentation | Documentation

This wiki is licensed under a Creative Commons 2.0 license. XWiki Enterprise 3.2 - Documentation. Copyright © 2015 IdeaBlade