RIA Services: How can I create custom authentication?
Asked Answered
V

3

17

I am working with the Silverlight RIA Services and I want to create custom authentication. This appears to be the only thing that has virtually no documentation (I've read through the entire RIAServicesOverview.docx).

Do you know of a way for me to create a customer authentication service? I don't want to use the default ASP.NET membership model. I don't know what interface or abstract class I need to implement - although I did find System.Web.Ria.ApplicationServices.IAuthentication.

Do I need to implement IAuthentication? If so, could you give me some advice on how to go about doing so? These are the following methods:

    public User GetUser();

    public User Login(string userName, string password, bool isPersistent, string customData);

    public User Logout();

    public void UpdateUser(User user);

I don't know how I would implement any of these (except for Login) - how could the service possibly know what user is currently logged in in order for Logout() to work?

I've been scouring the web in search of how to do this for hours, and I can't find anything that describes how to create a simple DomainService that can be used for authenticating a user in an "RIA-linked" Silverlight project.

If someone could shed some light on this, I'd be sincerely grateful.

Thanks,
Charles


[EDIT]
I found the RIA Services page on the MSDN Code Gallery. There's a section called Authentication Samples, which links to some great code samples. Check it out if you want to know more about how authentication works within RIA Services.

Vanzant answered 28/7, 2009 at 16:46 Comment(0)
P
20

If you create a "Silverlight Business Application" you'll see how the template implements authentication. (Or just go here and download the template sample project.)

To simplify, here's the process I used:

First, I create a domain service (FooService) that derives from LinqToEntitiesDomainService where FooContext is my entity model. In it I add all the CRUD operations to access my custom DB table and return user profiles.

Next, create a concrete User class on the serverside by deriving from UserBase:

using System.Web.Ria;
using System.Web.Ria.ApplicationServices;

public class User : UserBase
{}

Finally, derive a class from AuthenticationBase and implement the following four methods:

[EnableClientAccess]
public class AuthenticationService : AuthenticationBase<User>
{
    private FooService _service = new FooService();

    protected override bool ValidateUser(string username, string password)
    {
        // Code here that tests only if the password is valid for the given
        // username using your custom DB calls via the domain service you
        // implemented above
    }

    protected override User GetAuthenticatedUser(IPrincipal pricipal)
    {
        // principal.Identity.Name will be the username for the user
        // you're trying to authenticate. Here's one way to implement
        // this:
        User user = null;
        if (this._service.DoesUserExist(principal.Identity.Name)) // DoesUserExist() is a call
                                                                  // added in my domain service
        {
            // UserProfile is an entity in my DB
            UserProfile profile = this._service.GetUserProfile(principal.Identity.Name);
            user.Name = profile.UserName;
            user.AuthenticationType = principal.Identity.AuthenticationType;
        }
        return user;
    }

    public override void Initialize(DomainServiceContext context)
    {
        this._service.Initialize(context);
        base.Initialize(context);
    }

    protected override void Dispose(bool disposing)
    {
        if (disposing)
            this._service.Dispose();
        base.Dispose(disposing);
    }
}
Pris answered 5/8, 2009 at 14:31 Comment(3)
looking for... My butter fingers and I wouldn't mind an Edit option for comments...Vanzant
Please could you explain this answer in a bit more detail? I'm really struggling to implement just normal authentication and I can't find any good sources of information that aren't totally ambiguous and assume knowledge already. I would really appreciate some help.Lyonnesse
thanks for your answer. I would like to have my AuthenticationService be the LinqToEntitiesDomainService<MyEntitiesModel> subclass and therefore I can't inherit from AuthenticationBase. What's the best practice on implementing the IAuthentication<T> interface?Mortal
M
1

Here is a complete official example from MS:

http://code.msdn.microsoft.com/Custom-Authentication-96ca3d20

Mortal answered 19/2, 2012 at 15:7 Comment(0)
G
0

How about implementing the IAuthorization interface?

Groveman answered 28/5, 2010 at 7:40 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.