Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Integrating Security Roles into Microsoft Silverlight Applications


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Integrating Security Roles into Microsoft Silverlight Applications

  1. 1.
  2. 2. Integrating Security Roles into Microsoft Silverlight ApplicationsDEV356<br />Dan Wahlin<br />Wahlin Consulting<br />
  3. 3. Agenda<br />Silverlight Security Options<br />Accessing User Identity Information<br />Accessing User Roles<br />Creating a SecurityManager class<br />
  4. 4. Silverlight Security Options<br />Silverlight Authentication:<br />Windows<br />Forms<br />Custom<br />Silverlight Authorization:<br />Active Directory Groups<br />Forms Roles<br />Custom Roles<br />
  5. 5. Windows Authentication Options<br />Option 1: Secure page hosting Silverlight control<br />Easiest<br />User prompted<br />Silverlight app secured<br />Option 2: Secure backend services<br />Silverlight application is anonymous<br />Calls to service require credentials<br />Client HTTP stack can be used<br />
  6. 6. Using the Client HTTP Stack<br />//Set once in App.xaml.cs<br />HttpWebRequest.RegisterPrefix("https://", WebRequestCreator.ClientHttp);<br />....<br />WebClientwc = new WebClient();<br />wc.UseDefaultCredentials = false;<br />wc.Credentials = new NetworkCredential("username", "password", "domain");<br />
  7. 7. Agenda<br />Securing Silverlight Applications<br />Accessing User Identity Information<br />Accessing User Roles<br />Creating a SecurityManager class<br />
  8. 8. Accessing a User's Credentials<br />Silverlight does not support accessing the User object directly<br />User.Identity.Name<br />Options for accessing the user name:<br />initParams (be careful!)<br />Use a service<br />WCF RIA Services<br />
  9. 9. Passing the User Name with initParams<br />User Name can be passed dynamically into Silverlight using initParams<br />Be Careful!<br />
  10. 10. Using initParams<br /><param name="initParams" value="UserName=<%=User.Identity.Name%>" /><br />…<br />private void Application_Startup(object sender, StartupEventArgs e) {<br />ProcessInitParams(e.InitParams);<br />this.RootVisual = new MainPage();<br />}<br />void ProcessInitParams(IDictionary<string, string> initParams) {<br /> if (initParams != null) {<br />foreach (var item in initParams) {<br />this.Resources.Add(item.Key, item.Value);<br /> }<br /> }<br />}<br />
  11. 11. Creating a User Credentials Service<br />Create a User Credentials WCF/ASMX service:<br />Service handles returning authenticated user's information<br />No risk of a spoofed User Name as with initParams<br />Service can return additional information such as roles<br />WCF RIA Services does this out-of-the-box<br />
  12. 12. Returning a User Name from a Service<br />[OperationContract]<br />public string GetLoggedInUserName() {<br /> return new SecurityRepository() .GetUserName(OperationContext.Current);<br />}<br />public class SecurityRepository {<br /> public string GetUserName(OperationContextopContext) {<br /> return (opContext.ServiceSecurityContext != null && <br />opContext.ServiceSecurityContext.WindowsIdentity != null) ? opContext.ServiceSecurityContext.WindowsIdentity.Name : null;<br /> }<br />}<br />
  13. 13. demo<br />Accessing an Authenticated User's User Name<br />
  14. 14. Agenda<br />Silverlight Security Options<br />Accessing User Identity Information<br />Accessing User Roles<br />Creating a SecurityManager class<br />
  15. 15. Accessing User Roles<br />Options:<br />Pass user roles into application using initParams<br />Create a security service operation that returns roles<br />Be Careful!<br />
  16. 16. Returning Roles from a Service<br />[OperationContract]<br />public List<Role> GetRoles()<br />{<br /> return new SecurityRepository().GetRoles(OperationContext.Current);<br />}<br />public class SecurityRepository {<br /> public List<Role> GetRoles(OperationContextopContext)<br /> {<br />varuserName = GetUserName(opContext);<br /> //Get roles from Active Directory, Database, or elsewhere<br /> }<br />}<br />
  17. 17. demo<br />Accessing User Roles<br />
  18. 18. Agenda<br />Silverlight Security Options<br />Accessing User Identity Information<br />Accessing User Roles<br />Creating a SecurityManager class<br />
  19. 19. How do you access and manage user names and roles in a Silverlight application?<br />
  20. 20. Creating a SecurityManager Class<br />SecurityManager class can act as client-side gateway to user credentials:<br />Accesses user credentials asynchronously<br />Determine user role(s)<br />Determine access to view<br />MVVM compliant<br />Add to ViewModel base class through aggregation<br />
  21. 21. The SecurityManager Class<br />[Export(typeof(ISecurityManager))]<br />[PartCreationPolicy(CreationPolicy.Shared)]<br />public class SecurityManager : ISecurityManager {<br />public event EventHandlerUserSecurityLoaded; <br />public boolIsUserSecurityLoadComplete { get; set; } <br /> public ObservableCollection<Role> UserRoles { get; set; }<br /> public string UserName { get; set; }<br /> public boolIsAdmin { get; }<br /> public boolIsInUserRole { get; }<br /> public boolIsValidUser { get; }<br /> private void GetUserSecurityDetails() {}<br /> public boolCheckUserAccessToUri(Uri uri) {}<br /> public boolUserIsInRole(string role) {}<br /> public boolUserIsInAnyRole(params string[] roles) {}<br />}<br />
  22. 22. Using the SecurityManager Class<br />public class ViewModelBase: INotifyPropertyChanged { [Import]<br />public ISecurityManagerSecurityManager { get; set; }<br />}<br />public class MainPageViewModel : ViewModelBase {<br /> public MainPageViewModel() {<br />if (!IsDesignTime) SecurityManager.UserSecurityLoaded += SecurityManagerUserSecurityLoaded;<br /> }<br /> void SecurityManagerUserSecurityLoaded(object sender, EventArgs e) {<br />IsAdmin = SecurityManager.IsAdmin; //Set INPC property<br />UserName = SecurityManager.UserName; //Set INPC property<br /> }<br />}<br />
  23. 23. demo<br />Creating and using a SecurityManager Class<br />
  24. 24. Summary<br />Silverlight doesn’t provide direct access to user credentials<br />Different techniques can be used to access a user name and roles:<br />Pass into initParams (be careful!)<br />Access data through a security service<br />Use WCF RIA Service's WebContext class<br />The SecurityManager class can simplify the process of working with user credentials<br />Handles async calls to security service <br />Stores user credentials and provides security logic<br />Integrates well with MVVM<br />
  25. 25. Contact Info<br />Blog<br /><br />Twitter<br />@DanWahlin<br />Blog<br /><br />Twitter<br />@DanWahlin<br />
  26. 26. Related Content<br />Required Slide<br />Speakers, please list the Breakout Sessions, Interactive Discussions, Labs, Demo Stations and Certification Exam that relate to your session. Also indicate when they can find you staffing in the TLC.<br />DEV209: From Zero to Silverlight in 75 Minutes<br />DEV210: Microsoft Silverlight, WCF RIA Services and Your Business Objects<br />DEV331: A Lap around Microsoft Silverlight 5<br />DEV386HOL: Microsoft Silverlight Data Binding<br />DEV388HOL: Web Services and Microsoft Silverlight<br />DEV390HOL: Using the MVVM Pattern in Microsoft Silverlight Applications<br />
  27. 27. Track Resources<br />Required Slide <br />Track PMs will supply the content for this slide, which will be inserted during the final scrub. <br />Resource 1<br />Resource 2<br />Resource 3<br />Resource 4<br />
  28. 28. Resources<br />Connect. Share. Discuss.<br /><br />Learning<br />Sessions On-Demand & Community<br />Microsoft Certification & Training Resources<br /><br /><br />Resources for IT Professionals<br />Resources for Developers<br /><br /><br />
  29. 29. Required Slide<br />Complete an evaluation on CommNet and enter to win!<br />
  30. 30. Required Slide <br />Your MS Tag will be inserted here during the final scrub. <br />MS Tag Placeholder Slide<br />
  31. 31. © 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.<br />The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.<br />