Up Authenticate
DevForce 2010 Resource Center » DevForce development » Secure » Authenticate » Security in the Business Application Template

Security in the Business Application Template

Last modified on August 15, 2012 17:20

To facilitate building secure applications in Silverlight, DevForce provides the Business Application Visual Studio project templates.  These templates provide the same navigation structure and themes as in standard Silverlight navigation and business templates, but integrate with DevForce ASP.NET security features. Both C# and VB versions are available.



These templates provide both user authentication and registration using ASP.NET Membership, and include sample use of ASP.NET Role and Profile features.  

Automatic sign-on

When an application built from the templates starts, the first thing it does is create an AuthenticationManager, a simple client service providing features to login and register users.  When the application starts it calls AuthenticationManager.LoadUser to automatically login the user if the application is using Windows authentication, or if the user has a persistent authentication ticket (the "Keep me signed in" checkbox was checked).  If authenticated, the user's "friendly name" is displayed in the main window.

This "friendly name" is an ASP.NET Profile property.  You'll see it defined in both the web.config:

    <add name="FriendlyName" />

... and in the custom User class which extends the default UserBase:

public partial class User : UserBase {

 /// <summary>
 /// Gets and sets the friendly name of the user.
 /// </summary>
 /// <remarks>
 /// This is a Profile-backed property.
 /// </remarks>
 public string FriendlyName { get; set; }
Partial Public Class User
Inherits UserBase

''' <summary>
''' Gets and sets the friendly name of the user.
''' </summary>
''' <remarks>
''' This is a Profile-backed property.
''' </remarks>
Public Property FriendlyName() As String
Private ...
End Class

If the user could not be authenticated, then she's logged in as a "guest user", and can either login or register at any time.


The templates provide Login processing - a window to gather credentials, and logic to submit those credentials to the EntityServer for authentication.  On the server the standard DevForce AspAuthenticatingLoginManager will authenticate the credentials and return a User instance.    

Here's the Login window (in the Windows 7 theme):



New users may also register.  A Registration window allows the user to enter information, and the template provides the logic to register the user to ASP.NET Membership.  Validation of user-entered information is also provided.

Here's the Registration window (also in the Windows 7 theme):


Single sign-on / sign-off

Once a user is logged in via the AuthenticationManager, any EntityManager subsequently created will automatically use the credentials already obtained by the AuthenticationManager and stored in the Authenticator.Instance.DefaultAuthenticationContext.  This means that any EntityManager created does not need to Login separately; and also that when a Logout is performed on the shared AuthenticationContext all EntityManagers using that context are also logged out.

Created by DevForce on February 17, 2011 18:14

This wiki is licensed under a Creative Commons 2.0 license. XWiki Enterprise 3.2 - Documentation. Copyright © 2015 IdeaBlade