Integrating Security Roles into Microsoft Silverlight Applications

Presentation Transcript

DEV356

Dan Wahlin

Wahlin Consulting

Agenda

Silverlight Security Options
Accessing User Identity Information
Accessing User Roles
Creating a SecurityManager class

Silverlight Authentication:

Windows
Forms
Custom

Silverlight Authorization:

Active Directory Groups
Forms Roles
Custom Roles

Windows Authentication Options

Option 1: Secure page hosting Silverlight control

Easiest
User prompted
Silverlight app secured

Option 2: Secure backend services

Silverlight app is anonymous
Calls to service require credentials
Client HTTP stack can be used

Using the Client HTTP Stack

//Set once in App.xaml.cs
HttpWebRequest.RegisterPrefix("https://", WebRequestCreator.ClientHttp);
....
WebClientwc = new WebClient();
wc.UseDefaultCredentials = false;
wc.Credentials = new NetworkCredential("username", "password", "domain");

Agenda

Securing Silverlight Applications

Accessing a User's Credentials

Silverlight does not support accessing the User object directly

User.Identity.Name

Options for accessing the user name:

initParams (be careful!)
Use a service
WCF RIA Services

Passing the User Name with initParams

User Name can be passed dynamically into Silverlight using initParams

Be Careful!

Using initParams

…

private void Application_Startup(object sender, StartupEventArgs e) {

ProcessInitParams(e.InitParams);

this.RootVisual = new MainPage();

}

void ProcessInitParams(IDictionary<string, string> initParams) {

if (initParams != null) {

foreach (var item in initParams) {

this.Resources.Add(item.Key, item.Value);

}

Creating a User Credentials Service

Create a User Credentials WCF/ASMX service:

Service handles returning authenticated user's information
No risk of a spoofed User Name as with initParams
Service can return additional information such as roles
WCF RIA Services does this out-of-the-box

Returning a User Name from a Service

[OperationContract]

public string GetLoggedInUserName() {

return new SecurityRepository() .GetUserName(OperationContext.Current);

}

public class SecurityRepository {

public string GetUserName(OperationContextopContext) {

return (opContext.ServiceSecurityContext != null &&

opContext.ServiceSecurityContext.WindowsIdentity != null) ? opContext.ServiceSecurityContext.WindowsIdentity.Name : null;

}

Accessing an Authenticated User's User Name

demo

Agenda

Options:

Pass user roles into application using initParams
Create a security service operation that returns roles

Be Careful!

Returning Roles from a Service

[OperationContract]

public List<Role> GetRoles()

{

return new SecurityRepository().GetRoles(OperationContext.Current);

}

public class SecurityRepository {

public List<Role> GetRoles(OperationContextopContext)

{

varuserName = GetUserName(opContext);

//Get roles from Active Directory, Database, or elsewhere

}

Accessing User Roles

demo

Agenda

How do you access and manage user names and roles in a Silverlight application?

Creating a SecurityManager Class

SecurityManager class can act as client-side gateway to user credentials:

Accesses user credentials asynchronously
Determine user role(s)
Determine access to view
MVVM compliant
Add to ViewModel base class through aggregation

The SecurityManager Class

[Export(typeof(ISecurityManager))]

[PartCreationPolicy(CreationPolicy.Shared)]

public class SecurityManager : ISecurityManager {

public event EventHandlerUserSecurityLoaded;

public boolIsUserSecurityLoadComplete { get; set; }

public ObservableCollection<Role> UserRoles { get; set; }

public string UserName { get; set; }

public boolIsAdmin { get; }

public boolIsInUserRole { get; }

public boolIsValidUser { get; }

private void GetUserSecurityDetails() {}

public boolCheckUserAccessToUri(Uri uri) {}

public boolUserIsInRole(string role) {}

public boolUserIsInAnyRole(params string[] roles) {}

}

Using the SecurityManager Class

public class ViewModelBase: INotifyPropertyChanged { [Import]

public ISecurityManagerSecurityManager { get; set; }

}

public class MainPageViewModel : ViewModelBase {

public MainPageViewModel() {

if (!IsDesignTime) SecurityManager.UserSecurityLoaded += SecurityManagerUserSecurityLoaded;

}

void SecurityManagerUserSecurityLoaded(object sender, EventArgs e) {

IsAdmin = SecurityManager.IsAdmin; //Set INPC property

UserName = SecurityManager.UserName; //Set INPC property

}

Creating and using a SecurityManager Class

demo

Summary

Silverlight doesn’t provide direct access to user credentials
Different techniques can be used to access a user name and roles:

Pass into initParams (be careful!)
Access data through a security service
Use WCF RIA Service's WebContext class

The SecurityManager class can simplify the process of working with user credentials

Handles async calls to security service
Stores user credentials and provides security logic
Integrates well with MVVM

Required Slide

Speakers, please list the Breakout Sessions, Interactive Discussions, Labs, Demo Stations and Certification Exam that relate to your session. Also indicate when they can find you staffing in the TLC.

Integrating Security Roles into Microsoft Silverlight Applications - PowerPoint PPT Presentation

PowerPoint Slideshow about 'Integrating Security Roles into Microsoft Silverlight Applications' - gustav