SlideShare a Scribd company logo

Integrating Security Roles into Microsoft Silverlight Applications

Download as PPTX, PDF
Dan Wahlin
Dan Wahlin

This document discusses options for integrating security roles into Microsoft Silverlight applications. It begins by outlining Silverlight authentication and authorization options like Windows authentication and forms roles. It then discusses techniques for accessing user identity information and roles in Silverlight, such as passing data via initParams, using a security service, or the WebContext class in WCF RIA Services. The document recommends creating a SecurityManager class to simplify working with user credentials by handling asynchronous calls to retrieve data and integrating with MVVM patterns.

Technology
1 of 31
Integrating Security Roles into Microsoft Silverlight ApplicationsDEV356 Dan Wahlin Wahlin Consulting
Agenda Silverlight Security Options Accessing User Identity Information Accessing User Roles Creating a SecurityManager class
Silverlight Security Options Silverlight Authentication: Windows Forms Custom Silverlight Authorization: Active Directory Groups Forms Roles Custom Roles
Windows Authentication Options Option 1: Secure page hosting Silverlight control Easiest User prompted Silverlight app secured Option 2: Secure backend services Silverlight application is anonymous Calls to service require credentials Client HTTP stack can be used
Using the Client HTTP Stack //Set once in App.xaml.cs HttpWebRequest.RegisterPrefix("https://", WebRequestCreator.ClientHttp); .... WebClientwc = new WebClient(); wc.UseDefaultCredentials = false; wc.Credentials = new NetworkCredential("username", "password", "domain");
Agenda Securing Silverlight Applications Accessing User Identity Information Accessing User Roles Creating a SecurityManager class
Accessing a User's Credentials Silverlight does not support accessing the User object directly User.Identity.Name Options for accessing the user name: initParams (be careful!) Use a service WCF RIA Services
Passing the User Name with initParams User Name can be passed dynamically into Silverlight using initParams Be Careful!
Using initParams <param name="initParams" value="UserName=<%=User.Identity.Name%>" /> … private void Application_Startup(object sender, StartupEventArgs e) { ProcessInitParams(e.InitParams); this.RootVisual = new MainPage(); } void ProcessInitParams(IDictionary<string, string> initParams) { if (initParams != null) { foreach (var item in initParams) { this.Resources.Add(item.Key, item.Value); } } }
Creating a User Credentials Service Create a User Credentials WCF/ASMX service: Service handles returning authenticated user's information No risk of a spoofed User Name as with initParams Service can return additional information such as roles WCF RIA Services does this out-of-the-box
Returning a User Name from a Service [OperationContract] public string GetLoggedInUserName() { return new SecurityRepository() .GetUserName(OperationContext.Current); } public class SecurityRepository { public string GetUserName(OperationContextopContext) { return (opContext.ServiceSecurityContext != null && opContext.ServiceSecurityContext.WindowsIdentity != null) ? opContext.ServiceSecurityContext.WindowsIdentity.Name : null; } }
demo Accessing an Authenticated User's User Name
Agenda Silverlight Security Options Accessing User Identity Information Accessing User Roles Creating a SecurityManager class
Accessing User Roles Options: Pass user roles into application using initParams Create a security service operation that returns roles Be Careful!
Returning Roles from a Service [OperationContract] public List<Role> GetRoles() { return new SecurityRepository().GetRoles(OperationContext.Current); } public class SecurityRepository { public List<Role> GetRoles(OperationContextopContext) { varuserName = GetUserName(opContext); //Get roles from Active Directory, Database, or elsewhere } }
demo Accessing User Roles
Agenda Silverlight Security Options Accessing User Identity Information Accessing User Roles Creating a SecurityManager class
How do you access and manage user names and roles in a Silverlight application?
Creating a SecurityManager Class SecurityManager class can act as client-side gateway to user credentials: Accesses user credentials asynchronously Determine user role(s) Determine access to view MVVM compliant Add to ViewModel base class through aggregation
The SecurityManager Class [Export(typeof(ISecurityManager))] [PartCreationPolicy(CreationPolicy.Shared)] public class SecurityManager : ISecurityManager { public event EventHandlerUserSecurityLoaded; public boolIsUserSecurityLoadComplete { get; set; } public ObservableCollection<Role> UserRoles { get; set; } public string UserName { get; set; } public boolIsAdmin { get; } public boolIsInUserRole { get; } public boolIsValidUser { get; } private void GetUserSecurityDetails() {} public boolCheckUserAccessToUri(Uri uri) {} public boolUserIsInRole(string role) {} public boolUserIsInAnyRole(params string[] roles) {} }
Using the SecurityManager Class public class ViewModelBase: INotifyPropertyChanged { [Import] public ISecurityManagerSecurityManager { get; set; } } public class MainPageViewModel : ViewModelBase { public MainPageViewModel() { if (!IsDesignTime) SecurityManager.UserSecurityLoaded += SecurityManagerUserSecurityLoaded; } void SecurityManagerUserSecurityLoaded(object sender, EventArgs e) { IsAdmin = SecurityManager.IsAdmin; //Set INPC property UserName = SecurityManager.UserName; //Set INPC property } }
demo Creating and using a SecurityManager Class
Summary Silverlight doesn’t provide direct access to user credentials Different techniques can be used to access a user name and roles: Pass into initParams (be careful!) Access data through a security service Use WCF RIA Service's WebContext class The SecurityManager class can simplify the process of working with user credentials Handles async calls to security service Stores user credentials and provides security logic Integrates well with MVVM
Contact Info Blog http://weblogs.asp.net/dwahlin Twitter @DanWahlin Blog http://weblogs.asp.net/dwahlin Twitter @DanWahlin
Related Content Required Slide Speakers, please list the Breakout Sessions, Interactive Discussions, Labs, Demo Stations and Certification Exam that relate to your session. Also indicate when they can find you staffing in the TLC. DEV209: From Zero to Silverlight in 75 Minutes DEV210: Microsoft Silverlight, WCF RIA Services and Your Business Objects DEV331: A Lap around Microsoft Silverlight 5 DEV386HOL: Microsoft Silverlight Data Binding DEV388HOL: Web Services and Microsoft Silverlight DEV390HOL: Using the MVVM Pattern in Microsoft Silverlight Applications
Track Resources Required Slide Track PMs will supply the content for this slide, which will be inserted during the final scrub. Resource 1 Resource 2 Resource 3 Resource 4
Resources Connect. Share. Discuss. http://northamerica.msteched.com Learning Sessions On-Demand & Community Microsoft Certification & Training Resources www.microsoft.com/teched www.microsoft.com/learning Resources for IT Professionals Resources for Developers http://microsoft.com/technet http://microsoft.com/msdn
Required Slide Complete an evaluation on CommNet and enter to win!
Required Slide Your MS Tag will be inserted here during the final scrub. MS Tag Placeholder Slide
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Recommended

CloudBrew: Windows Azure Mobile Services - Next stage
CloudBrew: Windows Azure Mobile Services - Next stageCloudBrew: Windows Azure Mobile Services - Next stage
CloudBrew: Windows Azure Mobile Services - Next stageTeemu Tapanila
 
Web 20 Security - Vordel
Web 20 Security - VordelWeb 20 Security - Vordel
Web 20 Security - Vordelguest2a1135
 
Android+ax+app+wcf
Android+ax+app+wcfAndroid+ax+app+wcf
Android+ax+app+wcfAravindharamanan S
 
Android ax app wcf
Android ax app wcfAndroid ax app wcf
Android ax app wcfAravindharamanan S
 
struts
strutsstruts
strutsArjun Shanka
 
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...Hermann Burgmeier
 
softshake 2014 - Java EE
softshake 2014 - Java EEsoftshake 2014 - Java EE
softshake 2014 - Java EEAlexis Hassler
 
Java EE 8 security and JSON binding API
Java EE 8 security and JSON binding APIJava EE 8 security and JSON binding API
Java EE 8 security and JSON binding APIAlex Theedom
 

Recommended

CloudBrew: Windows Azure Mobile Services - Next stage
CloudBrew: Windows Azure Mobile Services - Next stageCloudBrew: Windows Azure Mobile Services - Next stage
CloudBrew: Windows Azure Mobile Services - Next stageTeemu Tapanila
 
Web 20 Security - Vordel
Web 20 Security - VordelWeb 20 Security - Vordel
Web 20 Security - Vordelguest2a1135
 
Android+ax+app+wcf
Android+ax+app+wcfAndroid+ax+app+wcf
Android+ax+app+wcfAravindharamanan S
 
Android ax app wcf
Android ax app wcfAndroid ax app wcf
Android ax app wcfAravindharamanan S
 
struts
strutsstruts
strutsArjun Shanka
 
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...Hermann Burgmeier
 
softshake 2014 - Java EE
softshake 2014 - Java EEsoftshake 2014 - Java EE
softshake 2014 - Java EEAlexis Hassler
 
Java EE 8 security and JSON binding API
Java EE 8 security and JSON binding APIJava EE 8 security and JSON binding API
Java EE 8 security and JSON binding APIAlex Theedom
 
iOS Masque Attack
iOS Masque AttackiOS Masque Attack
iOS Masque AttackMinded Security
 
Java Security And Authentacation
Java Security And AuthentacationJava Security And Authentacation
Java Security And Authentacationckofoed
 
Application Instrumentation with WMI
Application Instrumentation with WMIApplication Instrumentation with WMI
Application Instrumentation with WMINicholas Schweitzer
 
Wicket 6
Wicket 6Wicket 6
Wicket 6codepitbull
 
Community call: Develop multi tenant apps with the Microsoft identity platform
Community call: Develop multi tenant apps with the Microsoft identity platformCommunity call: Develop multi tenant apps with the Microsoft identity platform
Community call: Develop multi tenant apps with the Microsoft identity platformMicrosoft 365 Developer
 
Spring Framework - Data Access
Spring Framework - Data AccessSpring Framework - Data Access
Spring Framework - Data AccessDzmitry Naskou
 
Mockito junit
Mockito junitMockito junit
Mockito junitSantiago Plascencia
 
Using the Tooling API to Generate Apex SOAP Web Service Clients
Using the Tooling API to Generate Apex SOAP Web Service ClientsUsing the Tooling API to Generate Apex SOAP Web Service Clients
Using the Tooling API to Generate Apex SOAP Web Service ClientsDaniel Ballinger
 
Paul Lammertsma: Account manager & sync
Paul Lammertsma: Account manager & syncPaul Lammertsma: Account manager & sync
Paul Lammertsma: Account manager & syncmdevtalk
 
Jetpack, with new features in 2021 GDG Georgetown IO Extended
Jetpack, with new features in 2021 GDG Georgetown IO ExtendedJetpack, with new features in 2021 GDG Georgetown IO Extended
Jetpack, with new features in 2021 GDG Georgetown IO ExtendedToru Wonyoung Choi
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinarmarcuschristie
 
Tutorial mvc (pelajari ini jika ingin tahu mvc) keren
Tutorial mvc (pelajari ini jika ingin tahu mvc) kerenTutorial mvc (pelajari ini jika ingin tahu mvc) keren
Tutorial mvc (pelajari ini jika ingin tahu mvc) kerenSony Suci
 
Distributing information on iOS
Distributing information on iOSDistributing information on iOS
Distributing information on iOSMake School
 
Learn Apache Shiro
Learn Apache ShiroLearn Apache Shiro
Learn Apache ShiroSmita Prasad
 
Mvc interview questions – deep dive jinal desai
Mvc interview questions – deep dive jinal desaiMvc interview questions – deep dive jinal desai
Mvc interview questions – deep dive jinal desaijinaldesailive
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...Michael Collier
 
Microsoft identity platform community call-May 2020
Microsoft identity platform community call-May 2020Microsoft identity platform community call-May 2020
Microsoft identity platform community call-May 2020Microsoft 365 Developer
 
Microservice Protection With WSO2 Identity Server
Microservice Protection With WSO2 Identity ServerMicroservice Protection With WSO2 Identity Server
Microservice Protection With WSO2 Identity ServerAnupam Gogoi
 
Lecture 3: Servlets - Session Management
Lecture 3: Servlets - Session ManagementLecture 3: Servlets - Session Management
Lecture 3: Servlets - Session ManagementFahad Golra
 
Development Trends - What's New in the World of Web Development
Development Trends - What's New in the World of Web DevelopmentDevelopment Trends - What's New in the World of Web Development
Development Trends - What's New in the World of Web DevelopmentDan Wahlin
 
Building an End-to-End AngularJS Application
Building an End-to-End AngularJS ApplicationBuilding an End-to-End AngularJS Application
Building an End-to-End AngularJS ApplicationDan Wahlin
 

More Related Content

What's hot

Java Security And Authentacation
Java Security And AuthentacationJava Security And Authentacation
Java Security And Authentacationckofoed
 
Application Instrumentation with WMI
Application Instrumentation with WMIApplication Instrumentation with WMI
Application Instrumentation with WMINicholas Schweitzer
 
Community call: Develop multi tenant apps with the Microsoft identity platform
Community call: Develop multi tenant apps with the Microsoft identity platformCommunity call: Develop multi tenant apps with the Microsoft identity platform
Community call: Develop multi tenant apps with the Microsoft identity platformMicrosoft 365 Developer
 
Spring Framework - Data Access
Spring Framework - Data AccessSpring Framework - Data Access
Spring Framework - Data AccessDzmitry Naskou
 
Using the Tooling API to Generate Apex SOAP Web Service Clients
Using the Tooling API to Generate Apex SOAP Web Service ClientsUsing the Tooling API to Generate Apex SOAP Web Service Clients
Using the Tooling API to Generate Apex SOAP Web Service ClientsDaniel Ballinger
 
Paul Lammertsma: Account manager & sync
Paul Lammertsma: Account manager & syncPaul Lammertsma: Account manager & sync
Paul Lammertsma: Account manager & syncmdevtalk
 
Jetpack, with new features in 2021 GDG Georgetown IO Extended
Jetpack, with new features in 2021 GDG Georgetown IO ExtendedJetpack, with new features in 2021 GDG Georgetown IO Extended
Jetpack, with new features in 2021 GDG Georgetown IO ExtendedToru Wonyoung Choi
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinarmarcuschristie
 
Tutorial mvc (pelajari ini jika ingin tahu mvc) keren
Tutorial mvc (pelajari ini jika ingin tahu mvc) kerenTutorial mvc (pelajari ini jika ingin tahu mvc) keren
Tutorial mvc (pelajari ini jika ingin tahu mvc) kerenSony Suci
 
Distributing information on iOS
Distributing information on iOSDistributing information on iOS
Distributing information on iOSMake School
 
Learn Apache Shiro
Learn Apache ShiroLearn Apache Shiro
Learn Apache ShiroSmita Prasad
 
Mvc interview questions – deep dive jinal desai
Mvc interview questions – deep dive jinal desaiMvc interview questions – deep dive jinal desai
Mvc interview questions – deep dive jinal desaijinaldesailive
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...Michael Collier
 
Microsoft identity platform community call-May 2020
Microsoft identity platform community call-May 2020Microsoft identity platform community call-May 2020
Microsoft identity platform community call-May 2020Microsoft 365 Developer
 
Microservice Protection With WSO2 Identity Server
Microservice Protection With WSO2 Identity ServerMicroservice Protection With WSO2 Identity Server
Microservice Protection With WSO2 Identity ServerAnupam Gogoi
 
Lecture 3: Servlets - Session Management
Lecture 3: Servlets - Session ManagementLecture 3: Servlets - Session Management
Lecture 3: Servlets - Session ManagementFahad Golra
 

What's hot (20)

iOS Masque Attack
iOS Masque AttackiOS Masque Attack
iOS Masque Attack
 
Java Security And Authentacation
Java Security And AuthentacationJava Security And Authentacation
Java Security And Authentacation
 
Application Instrumentation with WMI
Application Instrumentation with WMIApplication Instrumentation with WMI
Application Instrumentation with WMI
 
Wicket 6
Wicket 6Wicket 6
Wicket 6
 
Community call: Develop multi tenant apps with the Microsoft identity platform
Community call: Develop multi tenant apps with the Microsoft identity platformCommunity call: Develop multi tenant apps with the Microsoft identity platform
Community call: Develop multi tenant apps with the Microsoft identity platform
 
Spring Framework - Data Access
Spring Framework - Data AccessSpring Framework - Data Access
Spring Framework - Data Access
 
Mockito junit
Mockito junitMockito junit
Mockito junit
 
Using the Tooling API to Generate Apex SOAP Web Service Clients
Using the Tooling API to Generate Apex SOAP Web Service ClientsUsing the Tooling API to Generate Apex SOAP Web Service Clients
Using the Tooling API to Generate Apex SOAP Web Service Clients
 
Paul Lammertsma: Account manager & sync
Paul Lammertsma: Account manager & syncPaul Lammertsma: Account manager & sync
Paul Lammertsma: Account manager & sync
 
Jetpack, with new features in 2021 GDG Georgetown IO Extended
Jetpack, with new features in 2021 GDG Georgetown IO ExtendedJetpack, with new features in 2021 GDG Georgetown IO Extended
Jetpack, with new features in 2021 GDG Georgetown IO Extended
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
 
Tutorial mvc (pelajari ini jika ingin tahu mvc) keren
Tutorial mvc (pelajari ini jika ingin tahu mvc) kerenTutorial mvc (pelajari ini jika ingin tahu mvc) keren
Tutorial mvc (pelajari ini jika ingin tahu mvc) keren
 
Distributing information on iOS
Distributing information on iOSDistributing information on iOS
Distributing information on iOS
 
Learn Apache Shiro
Learn Apache ShiroLearn Apache Shiro
Learn Apache Shiro
 
Mvc interview questions – deep dive jinal desai
Mvc interview questions – deep dive jinal desaiMvc interview questions – deep dive jinal desai
Mvc interview questions – deep dive jinal desai
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
 
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
 
Microsoft identity platform community call-May 2020
Microsoft identity platform community call-May 2020Microsoft identity platform community call-May 2020
Microsoft identity platform community call-May 2020
 
Microservice Protection With WSO2 Identity Server
Microservice Protection With WSO2 Identity ServerMicroservice Protection With WSO2 Identity Server
Microservice Protection With WSO2 Identity Server
 
Lecture 3: Servlets - Session Management
Lecture 3: Servlets - Session ManagementLecture 3: Servlets - Session Management
Lecture 3: Servlets - Session Management
 

Viewers also liked

Development Trends - What's New in the World of Web Development
Development Trends - What's New in the World of Web DevelopmentDevelopment Trends - What's New in the World of Web Development
Development Trends - What's New in the World of Web DevelopmentDan Wahlin
 
Building an End-to-End AngularJS Application
Building an End-to-End AngularJS ApplicationBuilding an End-to-End AngularJS Application
Building an End-to-End AngularJS ApplicationDan Wahlin
 
Building AngularJS Custom Directives
Building AngularJS Custom DirectivesBuilding AngularJS Custom Directives
Building AngularJS Custom DirectivesDan Wahlin
 
Getting Started with ASP.NET MVC 3 and Razor
Getting Started with ASP.NET MVC 3 and RazorGetting Started with ASP.NET MVC 3 and Razor
Getting Started with ASP.NET MVC 3 and RazorDan Wahlin
 
Lastest Trends in Web Development
Lastest Trends in Web DevelopmentLastest Trends in Web Development
Lastest Trends in Web DevelopmentDoris Chen
 
AngularJS in 60ish Minutes
AngularJS in 60ish MinutesAngularJS in 60ish Minutes
AngularJS in 60ish MinutesDan Wahlin
 
JavaScript Patterns to Cleanup your Code
JavaScript Patterns to Cleanup your CodeJavaScript Patterns to Cleanup your Code
JavaScript Patterns to Cleanup your CodeDan Wahlin
 
Using jQuery Templates
Using jQuery TemplatesUsing jQuery Templates
Using jQuery TemplatesDan Wahlin
 
Building the an End-to-End ASP.NET MVC 4, Entity Framework, HTML5, jQuery app...
Building the an End-to-End ASP.NET MVC 4, Entity Framework, HTML5, jQuery app...Building the an End-to-End ASP.NET MVC 4, Entity Framework, HTML5, jQuery app...
Building the an End-to-End ASP.NET MVC 4, Entity Framework, HTML5, jQuery app...Dan Wahlin
 
Basics of angular directive (Part - 1)
Basics of angular directive (Part - 1)Basics of angular directive (Part - 1)
Basics of angular directive (Part - 1)Vijay Kani
 
Custom AngularJS Directives
Custom AngularJS DirectivesCustom AngularJS Directives
Custom AngularJS Directivesyprodev
 
AngularJS Custom Directives
AngularJS Custom DirectivesAngularJS Custom Directives
AngularJS Custom Directivesyprodev
 
AngularJS custom directive
AngularJS custom directiveAngularJS custom directive
AngularJS custom directiveNascenia IT
 
Building Custom AngularJS Directives - A Step-by-Step Guide - Dan Wahlin | Fa...
Building Custom AngularJS Directives - A Step-by-Step Guide - Dan Wahlin | Fa...Building Custom AngularJS Directives - A Step-by-Step Guide - Dan Wahlin | Fa...
Building Custom AngularJS Directives - A Step-by-Step Guide - Dan Wahlin | Fa...FalafelSoftware
 
Enterprise mobility management a comprehensive guide
Enterprise mobility management a comprehensive guideEnterprise mobility management a comprehensive guide
Enterprise mobility management a comprehensive guideNestweaver
 
Getting Started Building Windows 8 HTML/JavaScript Metro Apps
Getting Started Building Windows 8 HTML/JavaScript Metro AppsGetting Started Building Windows 8 HTML/JavaScript Metro Apps
Getting Started Building Windows 8 HTML/JavaScript Metro AppsDan Wahlin
 
Web Development Trends 2016
Web Development Trends 2016Web Development Trends 2016
Web Development Trends 2016Miva
 

Viewers also liked (18)

Development Trends - What's New in the World of Web Development
Development Trends - What's New in the World of Web DevelopmentDevelopment Trends - What's New in the World of Web Development
Development Trends - What's New in the World of Web Development
 
Building an End-to-End AngularJS Application
Building an End-to-End AngularJS ApplicationBuilding an End-to-End AngularJS Application
Building an End-to-End AngularJS Application
 
Building AngularJS Custom Directives
Building AngularJS Custom DirectivesBuilding AngularJS Custom Directives
Building AngularJS Custom Directives
 
Getting Started with ASP.NET MVC 3 and Razor
Getting Started with ASP.NET MVC 3 and RazorGetting Started with ASP.NET MVC 3 and Razor
Getting Started with ASP.NET MVC 3 and Razor
 
Top 13 Web Development Trends And Predictions For 2015
Top 13 Web Development Trends And Predictions For 2015Top 13 Web Development Trends And Predictions For 2015
Top 13 Web Development Trends And Predictions For 2015
 
Lastest Trends in Web Development
Lastest Trends in Web DevelopmentLastest Trends in Web Development
Lastest Trends in Web Development
 
AngularJS in 60ish Minutes
AngularJS in 60ish MinutesAngularJS in 60ish Minutes
AngularJS in 60ish Minutes
 
JavaScript Patterns to Cleanup your Code
JavaScript Patterns to Cleanup your CodeJavaScript Patterns to Cleanup your Code
JavaScript Patterns to Cleanup your Code
 
Using jQuery Templates
Using jQuery TemplatesUsing jQuery Templates
Using jQuery Templates
 
Building the an End-to-End ASP.NET MVC 4, Entity Framework, HTML5, jQuery app...
Building the an End-to-End ASP.NET MVC 4, Entity Framework, HTML5, jQuery app...Building the an End-to-End ASP.NET MVC 4, Entity Framework, HTML5, jQuery app...
Building the an End-to-End ASP.NET MVC 4, Entity Framework, HTML5, jQuery app...
 
Basics of angular directive (Part - 1)
Basics of angular directive (Part - 1)Basics of angular directive (Part - 1)
Basics of angular directive (Part - 1)
 
Custom AngularJS Directives
Custom AngularJS DirectivesCustom AngularJS Directives
Custom AngularJS Directives
 
AngularJS Custom Directives
AngularJS Custom DirectivesAngularJS Custom Directives
AngularJS Custom Directives
 
AngularJS custom directive
AngularJS custom directiveAngularJS custom directive
AngularJS custom directive
 
Building Custom AngularJS Directives - A Step-by-Step Guide - Dan Wahlin | Fa...
Building Custom AngularJS Directives - A Step-by-Step Guide - Dan Wahlin | Fa...Building Custom AngularJS Directives - A Step-by-Step Guide - Dan Wahlin | Fa...
Building Custom AngularJS Directives - A Step-by-Step Guide - Dan Wahlin | Fa...
 
Enterprise mobility management a comprehensive guide
Enterprise mobility management a comprehensive guideEnterprise mobility management a comprehensive guide
Enterprise mobility management a comprehensive guide
 
Getting Started Building Windows 8 HTML/JavaScript Metro Apps
Getting Started Building Windows 8 HTML/JavaScript Metro AppsGetting Started Building Windows 8 HTML/JavaScript Metro Apps
Getting Started Building Windows 8 HTML/JavaScript Metro Apps
 
Web Development Trends 2016
Web Development Trends 2016Web Development Trends 2016
Web Development Trends 2016
 

Similar to Integrating Security Roles into Microsoft Silverlight Applications

A Microsoft Silverlight User Group Starter Kit Made Available for Everyone to...
A Microsoft Silverlight User Group Starter Kit Made Available for Everyone to...A Microsoft Silverlight User Group Starter Kit Made Available for Everyone to...
A Microsoft Silverlight User Group Starter Kit Made Available for Everyone to...DataLeader.io
 
Developing your first application using FI-WARE
Developing your first application using FI-WAREDeveloping your first application using FI-WARE
Developing your first application using FI-WAREFermin Galan
 
CDI e as ideias pro futuro do VRaptor
CDI e as ideias pro futuro do VRaptorCDI e as ideias pro futuro do VRaptor
CDI e as ideias pro futuro do VRaptorCaelum
 
vCloud SDK for PHP - Introduction
vCloud SDK for PHP - IntroductionvCloud SDK for PHP - Introduction
vCloud SDK for PHP - IntroductionPablo Roesch
 
Multi Client Development with Spring
Multi Client Development with SpringMulti Client Development with Spring
Multi Client Development with SpringJoshua Long
 
Cassandra Summit 2014: Highly Scalable Web Application in the Cloud with Cass...
Cassandra Summit 2014: Highly Scalable Web Application in the Cloud with Cass...Cassandra Summit 2014: Highly Scalable Web Application in the Cloud with Cass...
Cassandra Summit 2014: Highly Scalable Web Application in the Cloud with Cass...DataStax Academy
 
Windows Store app using XAML and C#: Enterprise Product Development
Windows Store app using XAML and C#: Enterprise Product Development Windows Store app using XAML and C#: Enterprise Product Development
Windows Store app using XAML and C#: Enterprise Product Development Mahmoud Hamed Mahmoud
 
Developing your first application using FIWARE
Developing your first application using FIWAREDeveloping your first application using FIWARE
Developing your first application using FIWAREFIWARE
 
MongoDB.local Atlanta: Introduction to Serverless MongoDB
MongoDB.local Atlanta: Introduction to Serverless MongoDBMongoDB.local Atlanta: Introduction to Serverless MongoDB
MongoDB.local Atlanta: Introduction to Serverless MongoDBMongoDB
 
WinAppDriver - Windows Store Apps Test Automation
WinAppDriver - Windows Store Apps Test AutomationWinAppDriver - Windows Store Apps Test Automation
WinAppDriver - Windows Store Apps Test AutomationJeremy Kao
 
Implementing application security using the .net framework
Implementing application security using the .net frameworkImplementing application security using the .net framework
Implementing application security using the .net frameworkLalit Kale
 
Serverless Angular, Material, Firebase and Google Cloud applications
Serverless Angular, Material, Firebase and Google Cloud applicationsServerless Angular, Material, Firebase and Google Cloud applications
Serverless Angular, Material, Firebase and Google Cloud applicationsLoiane Groner
 
Lunch Learn - WCF Security
Lunch Learn - WCF SecurityLunch Learn - WCF Security
Lunch Learn - WCF SecurityPaul Senatillaka
 
DataFX 8 (JavaOne 2014)
DataFX 8 (JavaOne 2014)DataFX 8 (JavaOne 2014)
DataFX 8 (JavaOne 2014)Hendrik Ebbers
 
2008 - TechDays PT: Building Software + Services with Volta
2008 - TechDays PT: Building Software + Services with Volta2008 - TechDays PT: Building Software + Services with Volta
2008 - TechDays PT: Building Software + Services with VoltaDaniel Fisher
 
Developing ASP.NET Applications Using the Model View Controller Pattern
Developing ASP.NET Applications Using the Model View Controller PatternDeveloping ASP.NET Applications Using the Model View Controller Pattern
Developing ASP.NET Applications Using the Model View Controller Patterngoodfriday
 

Similar to Integrating Security Roles into Microsoft Silverlight Applications (20)

JavaCro'14 - Building interactive web applications with Vaadin – Peter Lehto
JavaCro'14 - Building interactive web applications with Vaadin – Peter LehtoJavaCro'14 - Building interactive web applications with Vaadin – Peter Lehto
JavaCro'14 - Building interactive web applications with Vaadin – Peter Lehto
 
A Microsoft Silverlight User Group Starter Kit Made Available for Everyone to...
A Microsoft Silverlight User Group Starter Kit Made Available for Everyone to...A Microsoft Silverlight User Group Starter Kit Made Available for Everyone to...
A Microsoft Silverlight User Group Starter Kit Made Available for Everyone to...
 
Developing your first application using FI-WARE
Developing your first application using FI-WAREDeveloping your first application using FI-WARE
Developing your first application using FI-WARE
 
CDI e as ideias pro futuro do VRaptor
CDI e as ideias pro futuro do VRaptorCDI e as ideias pro futuro do VRaptor
CDI e as ideias pro futuro do VRaptor
 
Html bridge
Html bridgeHtml bridge
Html bridge
 
vCloud SDK for PHP - Introduction
vCloud SDK for PHP - IntroductionvCloud SDK for PHP - Introduction
vCloud SDK for PHP - Introduction
 
Multi Client Development with Spring
Multi Client Development with SpringMulti Client Development with Spring
Multi Client Development with Spring
 
Cassandra Summit 2014: Highly Scalable Web Application in the Cloud with Cass...
Cassandra Summit 2014: Highly Scalable Web Application in the Cloud with Cass...Cassandra Summit 2014: Highly Scalable Web Application in the Cloud with Cass...
Cassandra Summit 2014: Highly Scalable Web Application in the Cloud with Cass...
 
Windows Store app using XAML and C#: Enterprise Product Development
Windows Store app using XAML and C#: Enterprise Product Development Windows Store app using XAML and C#: Enterprise Product Development
Windows Store app using XAML and C#: Enterprise Product Development
 
Hacking 101 3
Hacking 101 3Hacking 101 3
Hacking 101 3
 
Developing your first application using FIWARE
Developing your first application using FIWAREDeveloping your first application using FIWARE
Developing your first application using FIWARE
 
MongoDB.local Atlanta: Introduction to Serverless MongoDB
MongoDB.local Atlanta: Introduction to Serverless MongoDBMongoDB.local Atlanta: Introduction to Serverless MongoDB
MongoDB.local Atlanta: Introduction to Serverless MongoDB
 
WinAppDriver - Windows Store Apps Test Automation
WinAppDriver - Windows Store Apps Test AutomationWinAppDriver - Windows Store Apps Test Automation
WinAppDriver - Windows Store Apps Test Automation
 
Implementing application security using the .net framework
Implementing application security using the .net frameworkImplementing application security using the .net framework
Implementing application security using the .net framework
 
State management
State managementState management
State management
 
Serverless Angular, Material, Firebase and Google Cloud applications
Serverless Angular, Material, Firebase and Google Cloud applicationsServerless Angular, Material, Firebase and Google Cloud applications
Serverless Angular, Material, Firebase and Google Cloud applications
 
Lunch Learn - WCF Security
Lunch Learn - WCF SecurityLunch Learn - WCF Security
Lunch Learn - WCF Security
 
DataFX 8 (JavaOne 2014)
DataFX 8 (JavaOne 2014)DataFX 8 (JavaOne 2014)
DataFX 8 (JavaOne 2014)
 
2008 - TechDays PT: Building Software + Services with Volta
2008 - TechDays PT: Building Software + Services with Volta2008 - TechDays PT: Building Software + Services with Volta
2008 - TechDays PT: Building Software + Services with Volta
 
Developing ASP.NET Applications Using the Model View Controller Pattern
Developing ASP.NET Applications Using the Model View Controller PatternDeveloping ASP.NET Applications Using the Model View Controller Pattern
Developing ASP.NET Applications Using the Model View Controller Pattern
 

Recently uploaded

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 

Recently uploaded (20)

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

Integrating Security Roles into Microsoft Silverlight Applications

  • 1.
  • 2. Integrating Security Roles into Microsoft Silverlight ApplicationsDEV356 Dan Wahlin Wahlin Consulting
  • 3. Agenda Silverlight Security Options Accessing User Identity Information Accessing User Roles Creating a SecurityManager class
  • 4. Silverlight Security Options Silverlight Authentication: Windows Forms Custom Silverlight Authorization: Active Directory Groups Forms Roles Custom Roles
  • 5. Windows Authentication Options Option 1: Secure page hosting Silverlight control Easiest User prompted Silverlight app secured Option 2: Secure backend services Silverlight application is anonymous Calls to service require credentials Client HTTP stack can be used
  • 6. Using the Client HTTP Stack //Set once in App.xaml.cs HttpWebRequest.RegisterPrefix("https://", WebRequestCreator.ClientHttp); .... WebClientwc = new WebClient(); wc.UseDefaultCredentials = false; wc.Credentials = new NetworkCredential("username", "password", "domain");
  • 7. Agenda Securing Silverlight Applications Accessing User Identity Information Accessing User Roles Creating a SecurityManager class
  • 8. Accessing a User's Credentials Silverlight does not support accessing the User object directly User.Identity.Name Options for accessing the user name: initParams (be careful!) Use a service WCF RIA Services
  • 9. Passing the User Name with initParams User Name can be passed dynamically into Silverlight using initParams Be Careful!
  • 10. Using initParams <param name="initParams" value="UserName=<%=User.Identity.Name%>" /> … private void Application_Startup(object sender, StartupEventArgs e) { ProcessInitParams(e.InitParams); this.RootVisual = new MainPage(); } void ProcessInitParams(IDictionary<string, string> initParams) { if (initParams != null) { foreach (var item in initParams) { this.Resources.Add(item.Key, item.Value); } } }
  • 11. Creating a User Credentials Service Create a User Credentials WCF/ASMX service: Service handles returning authenticated user's information No risk of a spoofed User Name as with initParams Service can return additional information such as roles WCF RIA Services does this out-of-the-box
  • 12. Returning a User Name from a Service [OperationContract] public string GetLoggedInUserName() { return new SecurityRepository() .GetUserName(OperationContext.Current); } public class SecurityRepository { public string GetUserName(OperationContextopContext) { return (opContext.ServiceSecurityContext != null && opContext.ServiceSecurityContext.WindowsIdentity != null) ? opContext.ServiceSecurityContext.WindowsIdentity.Name : null; } }
  • 13. demo Accessing an Authenticated User's User Name
  • 14. Agenda Silverlight Security Options Accessing User Identity Information Accessing User Roles Creating a SecurityManager class
  • 15. Accessing User Roles Options: Pass user roles into application using initParams Create a security service operation that returns roles Be Careful!
  • 16. Returning Roles from a Service [OperationContract] public List<Role> GetRoles() { return new SecurityRepository().GetRoles(OperationContext.Current); } public class SecurityRepository { public List<Role> GetRoles(OperationContextopContext) { varuserName = GetUserName(opContext); //Get roles from Active Directory, Database, or elsewhere } }
  • 18. Agenda Silverlight Security Options Accessing User Identity Information Accessing User Roles Creating a SecurityManager class
  • 19. How do you access and manage user names and roles in a Silverlight application?
  • 20. Creating a SecurityManager Class SecurityManager class can act as client-side gateway to user credentials: Accesses user credentials asynchronously Determine user role(s) Determine access to view MVVM compliant Add to ViewModel base class through aggregation
  • 21. The SecurityManager Class [Export(typeof(ISecurityManager))] [PartCreationPolicy(CreationPolicy.Shared)] public class SecurityManager : ISecurityManager { public event EventHandlerUserSecurityLoaded; public boolIsUserSecurityLoadComplete { get; set; } public ObservableCollection<Role> UserRoles { get; set; } public string UserName { get; set; } public boolIsAdmin { get; } public boolIsInUserRole { get; } public boolIsValidUser { get; } private void GetUserSecurityDetails() {} public boolCheckUserAccessToUri(Uri uri) {} public boolUserIsInRole(string role) {} public boolUserIsInAnyRole(params string[] roles) {} }
  • 22. Using the SecurityManager Class public class ViewModelBase: INotifyPropertyChanged { [Import] public ISecurityManagerSecurityManager { get; set; } } public class MainPageViewModel : ViewModelBase { public MainPageViewModel() { if (!IsDesignTime) SecurityManager.UserSecurityLoaded += SecurityManagerUserSecurityLoaded; } void SecurityManagerUserSecurityLoaded(object sender, EventArgs e) { IsAdmin = SecurityManager.IsAdmin; //Set INPC property UserName = SecurityManager.UserName; //Set INPC property } }
  • 23. demo Creating and using a SecurityManager Class
  • 24. Summary Silverlight doesn’t provide direct access to user credentials Different techniques can be used to access a user name and roles: Pass into initParams (be careful!) Access data through a security service Use WCF RIA Service's WebContext class The SecurityManager class can simplify the process of working with user credentials Handles async calls to security service Stores user credentials and provides security logic Integrates well with MVVM
  • 25. Contact Info Blog http://weblogs.asp.net/dwahlin Twitter @DanWahlin Blog http://weblogs.asp.net/dwahlin Twitter @DanWahlin
  • 26. Related Content Required Slide Speakers, please list the Breakout Sessions, Interactive Discussions, Labs, Demo Stations and Certification Exam that relate to your session. Also indicate when they can find you staffing in the TLC. DEV209: From Zero to Silverlight in 75 Minutes DEV210: Microsoft Silverlight, WCF RIA Services and Your Business Objects DEV331: A Lap around Microsoft Silverlight 5 DEV386HOL: Microsoft Silverlight Data Binding DEV388HOL: Web Services and Microsoft Silverlight DEV390HOL: Using the MVVM Pattern in Microsoft Silverlight Applications
  • 27. Track Resources Required Slide Track PMs will supply the content for this slide, which will be inserted during the final scrub. Resource 1 Resource 2 Resource 3 Resource 4
  • 28. Resources Connect. Share. Discuss. http://northamerica.msteched.com Learning Sessions On-Demand & Community Microsoft Certification & Training Resources www.microsoft.com/teched www.microsoft.com/learning Resources for IT Professionals Resources for Developers http://microsoft.com/technet http://microsoft.com/msdn
  • 29. Required Slide Complete an evaluation on CommNet and enter to win!
  • 30. Required Slide Your MS Tag will be inserted here during the final scrub. MS Tag Placeholder Slide
  • 31. © 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Editor's Notes

  1. Option 1: Secure page hosting Silverlight control:Easiest approachSilverlight application isn&apos;t accessed until user authenticatesUser prompted for credentials or credentials are passed throughOption 2: Secure backend servicesAnonymous application accessCalls to services prompt for authentication credentialsUse Client HTTP Stack to set network credentials programmatically (example shown next)
  2. Use WCF RIA Service&apos;s WebContext class:WebContext.Current.Authentication.User
  3. Be Careful!Hacker could change value passed into initParamsIf application simply displays the User Name then no problemIf application relies on User Name to lookup roles and more from services this can be a bad solution
  4. Be Careful!Embedding roles in initParams opens the application to spoofingReturning roles from a service call is the best option
  5. New for TechEd 2011, we will be working with Microsoft Tag (http://tag.microsoft.com/overview.aspx) to create unique Tags for every session at the event. Your session Tag will appear on both the room signage and at the end of your presentation. With your session Tag, attendees will be able to scan as they enter the room to retrieve session details, view speaker bios, and engage in discussions; or scan at the end of the presentation to evaluate your session and download materials. We’re excited to integrate Microsoft Tag across the My TechEd mobile experience this year.