
Security in the Business Application Template

Last modified on August 15, 2012 17:20

To facilitate building secure applications in Silverlight, DevForce provides the Business Application Visual Studio project templates. These templates provide the same navigation structure and themes as the standard Silverlight navigation and business templates, but integrate with DevForce ASP.NET security features. Both C# and VB versions are available.

Overview

These templates provide both user authentication and registration using ASP.NET Membership, and include sample use of ASP.NET Role and Profile features.  

Automatic sign-on

When an application built from the templates starts, the first thing it does is create an AuthenticationManager, a simple client service that provides features to log in and register users. It then calls AuthenticationManager.LoadUser to automatically log in the user if the application is using Windows authentication, or if the user has a persistent authentication ticket (the "Keep me signed in" checkbox was checked). If authenticated, the user's "friendly name" is displayed in the main window.

This "friendly name" is an ASP.NET Profile property.  You'll see it defined in both the web.config:

XML
<profile>
  <properties>
    <add name="FriendlyName" />
  </properties>
</profile>

... and in the custom User class which extends the default UserBase:

C#
[DataContract]
public partial class User : UserBase {

  /// <summary>
  /// Gets and sets the friendly name of the user.
  /// </summary>
  /// <remarks>
  /// This is a Profile-backed property.
  /// </remarks>
  [DataMember]
  public string FriendlyName { get; set; }
  ..
}

VB
<DataContract>
Partial Public Class User
  Inherits UserBase

  ''' <summary>
  ''' Gets and sets the friendly name of the user.
  ''' </summary>
  ''' <remarks>
  ''' This is a Profile-backed property.
  ''' </remarks>
  <DataMember>
  Public Property FriendlyName() As String
  Private ...
End Class

If the user could not be authenticated, then she's logged in as a "guest user", and can either log in or register at any time.
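The persistent authentication ticket behind "Keep me signed in" is what makes automatic sign-on possible, so its lifetime and transport protection deserve explicit settings. The fragment below is an added example, not the template's own web.config; it assumes the site uses ASP.NET forms authentication and is served over HTTPS, and the cookie name and timeout values are illustrative.

```xml
<!-- Added example: forms authentication settings that bound a persistent ticket.
     Assumes forms authentication over HTTPS; names and values are illustrative. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!--
        Weak form, shown for comparison: a ticket valid for a year, renewed on
        use, and allowed over plain HTTP.
        <forms name=".EXAMPLEAUTH" timeout="525600" slidingExpiration="true"
               requireSSL="false" />
      -->
      <!-- Hardened form: ticket sent only over HTTPS, carried only in a cookie,
           encrypted and validated, with a fixed lifetime.
           timeout is in minutes (10080 = 7 days). -->
      <forms name=".EXAMPLEAUTH"
             timeout="10080"
             slidingExpiration="false"
             requireSSL="true"
             cookieless="UseCookies"
             protection="All" />
    </authentication>

    <!-- Applies to every cookie the site issues: not readable from script,
         and only sent over HTTPS. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  </system.web>
</configuration>
```

With slidingExpiration disabled, a copied ticket stops working when the fixed lifetime ends instead of being renewed each time it is used.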

Login

The templates provide Login processing - a window to gather credentials, and logic to submit those credentials to the EntityServer for authentication.  On the server the standard DevForce AspAuthenticatingLoginManager will authenticate the credentials and return a User instance.    

Here's the Login window (in the Windows 7 theme):

BATlogin.JPG

Register

New users may also register.  A Registration window allows the user to enter information, and the template provides the logic to register the user to ASP.NET Membership.  Validation of user-entered information is also provided.

Here's the Registration window (also in the Windows 7 theme):

BATreg.JPG

Single sign-on / sign-off

Once a user is logged in via the AuthenticationManager, any EntityManager subsequently created will automatically use the credentials already obtained by the AuthenticationManager and stored in Authenticator.Instance.DefaultAuthenticationContext. This means that an EntityManager does not need to log in separately, and that when a Logout is performed on the shared AuthenticationContext, all EntityManagers using that context are also logged out.

Created by DevForce on February 17, 2011 18:14
