integrating security roles into microsoft silverlight applications
Integrating Security Roles into Microsoft Silverlight Applications
DEV356
Dan Wahlin
Wahlin Consulting
Agenda
  Silverlight Security Options
  Accessing User Identity Information
  Accessing User Roles
  Creating a SecurityManager class
Silverlight Security Options
Silverlight Authentication:
  Windows
  Forms
  Custom
Silverlight Authorization:
  Active Directory Groups
  Forms Roles
  Custom Roles
Windows Authentication Options
Option 1: Secure page hosting Silverlight control
  Easiest
  User prompted
  Silverlight app secured
Option 2: Secure backend services
  Silverlight application is anonymous
  Calls to service require credentials
  Client HTTP stack can be used
Using the Client HTTP Stack
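    // Requires: using System.Net; using System.Net.Browser;
    // Set once in App.xaml.cs
    HttpWebRequest.RegisterPrefix("https://", WebRequestCreator.ClientHttp);
    ....
    // "username", "password" and "domain" are placeholders for the caller's credentials
    WebClient wc = new WebClient();
    wc.UseDefaultCredentials = false;
    wc.Credentials = new NetworkCredential("username", "password", "domain");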
Agenda
  Securing Silverlight Applications
  Accessing User Identity Information
  Accessing User Roles
  Creating a SecurityManager class
Accessing a User's Credentials
Silverlight does not support accessing the User object directly
User.Identity.Name
Options for accessing the user name:
  initParams (be careful!)
  Use a service
  WCF RIA Services
Passing the User Name with initParams
User Name can be passed dynamically into Silverlight using initParams
Be Careful!
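Using initParams
    <!-- Host page: the server writes the user name into the plug-in's initParams -->
    <param name="initParams" value="UserName=<%=User.Identity.Name%>" />
    …
    // App.xaml.cs: read the initParams when the application starts
    private void Application_Startup(object sender, StartupEventArgs e)
    {
        ProcessInitParams(e.InitParams);
        this.RootVisual = new MainPage();
    }

    // Copies every initParams key/value pair into the application resources
    void ProcessInitParams(IDictionary<string, string> initParams)
    {
        if (initParams != null)
        {
            foreach (var item in initParams)
            {
                this.Resources.Add(item.Key, item.Value);
            }
        }
    }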
Creating a User Credentials Service
Create a User Credentials WCF/ASMX service:
  Service handles returning authenticated user's information
  No risk of a spoofed User Name as with initParams
  Service can return additional information such as roles
  WCF RIA Services does this out-of-the-box
Returning a User Name from a Service
    [OperationContract]
    public string GetLoggedInUserName()
    {
        return new SecurityRepository().GetUserName(OperationContext.Current);
    }

    public class SecurityRepository
    {
        // The name is read from the security context of the authenticated call,
        // not from anything the client sends as data.
        public string GetUserName(OperationContext opContext)
        {
            return (opContext.ServiceSecurityContext != null &&
                    opContext.ServiceSecurityContext.WindowsIdentity != null)
                ? opContext.ServiceSecurityContext.WindowsIdentity.Name
                : null;
        }
    }
demo
Accessing an Authenticated User's User Name
Accessing User Roles
Options:
  Pass user roles into application using initParams
  Create a security service operation that returns roles
Be Careful!
Returning Roles from a Service
    [OperationContract]
    public List<Role> GetRoles()
    {
        return new SecurityRepository().GetRoles(OperationContext.Current);
    }

    public class SecurityRepository
    {
        public List<Role> GetRoles(OperationContext opContext)
        {
            var userName = GetUserName(opContext);
            //Get roles from Active Directory, Database, or elsewhere
            // (the lookup itself is not shown on the slide)
            throw new NotImplementedException();
        }
    }
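The point of the user-name and roles service slides, as an added example that is not code from the original deck: a WCF operation that trusts a client-supplied user name (the kind of value initParams delivers) beside one that takes identity and group membership from the authenticated security context. IReportService, ReportService and the EXAMPLE\ReportAdmins group are hypothetical names, and Windows authentication on the binding is assumed.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract]
public interface IReportService   // hypothetical contract, not from the slides
{
    [OperationContract] string GetReportTrusting(string userName);
    [OperationContract] string GetReport();
}

public class ReportService : IReportService
{
    const string AdminGroup = @"EXAMPLE\ReportAdmins";   // placeholder AD group

    // Weak: userName is data sent by the client (for example a value read
    // from initParams), so the server is taking the caller's word for it.
    public string GetReportTrusting(string userName)
    {
        return "Report for " + userName;
    }

    // Hardened: identity and group membership both come from the security
    // context WCF established when it authenticated the call.
    public string GetReport()
    {
        WindowsIdentity caller = GetCaller(OperationContext.Current);
        if (!new WindowsPrincipal(caller).IsInRole(AdminGroup))
            throw new SecurityAccessDeniedException("Caller is not in " + AdminGroup);
        return "Report for " + caller.Name;
    }

    static WindowsIdentity GetCaller(OperationContext ctx)
    {
        ServiceSecurityContext sec = ctx == null ? null : ctx.ServiceSecurityContext;
        // Fail closed: a missing context or an anonymous caller is rejected
        // instead of being treated as a user with a null name.
        if (sec == null || sec.IsAnonymous || sec.WindowsIdentity == null
            || !sec.WindowsIdentity.IsAuthenticated)
            throw new SecurityAccessDeniedException("No authenticated Windows identity");
        return sec.WindowsIdentity;
    }
}
```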
demo
Accessing User Roles
How do you access and manage user names and roles in a Silverlight application?
Creating a SecurityManager Class
SecurityManager class can act as client-side gateway to user credentials:
  Accesses user credentials asynchronously
  Determines user role(s)
  Determines access to view
  MVVM compliant
  Add to ViewModel base class through aggregation
The SecurityManager Class
    // Member outline as shown on the slide; property and method bodies are omitted
    [Export(typeof(ISecurityManager))]
    [PartCreationPolicy(CreationPolicy.Shared)]
    public class SecurityManager : ISecurityManager
    {
        public event EventHandler UserSecurityLoaded;
        public bool IsUserSecurityLoadComplete { get; set; }
        public ObservableCollection<Role> UserRoles { get; set; }
        public string UserName { get; set; }
        public bool IsAdmin { get; }
        public bool IsInUserRole { get; }
        public bool IsValidUser { get; }
        private void GetUserSecurityDetails() {}
        public bool CheckUserAccessToUri(Uri uri) {}
        public bool UserIsInRole(string role) {}
        public bool UserIsInAnyRole(params string[] roles) {}
    }
Using the SecurityManager Class
    public class ViewModelBase : INotifyPropertyChanged
    {
        [Import]
        public ISecurityManager SecurityManager { get; set; }
    }

    public class MainPageViewModel : ViewModelBase
    {
        public MainPageViewModel()
        {
            if (!IsDesignTime)
                SecurityManager.UserSecurityLoaded += SecurityManagerUserSecurityLoaded;
        }

        void SecurityManagerUserSecurityLoaded(object sender, EventArgs e)
        {
            IsAdmin = SecurityManager.IsAdmin;   //Set INPC property
            UserName = SecurityManager.UserName; //Set INPC property
        }
    }
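One way the role-check members listed above could behave, as an added sketch that is not Dan Wahlin's implementation: every check fails closed until the asynchronous role load completes, and a view with no mapping is denied. RoleGate, OnRolesLoaded, the role names and the view paths are assumptions made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-in for the role-check members of the slides' SecurityManager.
public class RoleGate
{
    readonly HashSet<string> _roles = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
    // View path -> roles allowed to open it (constructed sample data).
    readonly Dictionary<string, string[]> _viewRoles =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "/Views/Admin.xaml",   new[] { "Admin" } },
            { "/Views/Reports.xaml", new[] { "Admin", "User" } },
        };

    public bool IsUserSecurityLoadComplete { get; private set; }

    // Call from the completion handler of the async security service call.
    public void OnRolesLoaded(IEnumerable<string> roleNames)
    {
        _roles.Clear();
        foreach (var r in roleNames ?? Enumerable.Empty<string>()) _roles.Add(r);
        IsUserSecurityLoadComplete = true;
    }

    // Fail closed: before the roles have arrived, nobody is in any role.
    public bool UserIsInRole(string role)
    {
        return IsUserSecurityLoadComplete && role != null && _roles.Contains(role);
    }

    public bool UserIsInAnyRole(params string[] roles)
    {
        return roles != null && roles.Any(UserIsInRole);
    }

    // Views without an entry in the map are denied rather than allowed by default.
    public bool CheckUserAccessToUri(Uri uri)
    {
        string[] allowed;
        return uri != null
            && _viewRoles.TryGetValue(uri.OriginalString, out allowed)
            && UserIsInAnyRole(allowed);
    }
}
```

Checks like these only decide what the Silverlight UI shows; each service operation still has to enforce roles against the identity it authenticated on the server.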
demo
Creating and using a SecurityManager Class
Summary
Silverlight doesn’t provide direct access to user credentials
Different techniques can be used to access a user name and roles:
  Pass into initParams (be careful!)
  Access data through a security service
  Use WCF RIA Services' WebContext class
The SecurityManager class can simplify the process of working with user credentials
  Handles async calls to security service
  Stores user credentials and provides security logic
  Integrates well with MVVM
Contact Info
Blog: http://weblogs.asp.net/dwahlin
Twitter: @DanWahlin
Related Content
DEV209: From Zero to Silverlight in 75 Minutes
DEV210: Microsoft Silverlight, WCF RIA Services and Your Business Objects
DEV331: A Lap around Microsoft Silverlight 5
DEV386HOL: Microsoft Silverlight Data Binding
DEV388HOL: Web Services and Microsoft Silverlight
DEV390HOL: Using the MVVM Pattern in Microsoft Silverlight Applications
Resources
  Sessions On-Demand & Community: www.microsoft.com/teched
  Microsoft Certification & Training Resources (Learning): www.microsoft.com/learning
  Resources for IT Professionals: http://microsoft.com/technet
  Resources for Developers: http://microsoft.com/msdn
  Connect. Share. Discuss.: http://northamerica.msteched.com
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.