Integrating Security Roles into Microsoft Silverlight Applications
Download as PPTX, PDF0 likes1,478 views
This document discusses options for integrating security roles into Microsoft Silverlight applications. It begins by outlining Silverlight authentication and authorization options like Windows authentication and forms roles. It then discusses techniques for accessing user identity information and roles in Silverlight, such as passing data via initParams, using a security service, or the WebContext class in WCF RIA Services. The document recommends creating a SecurityManager class to simplify working with user credentials by handling asynchronous calls to retrieve data and integrating with MVVM patterns.
![Returning a User Name from a Service[OperationContract]public string GetLoggedInUserName() { return new SecurityRepository() .GetUserName(OperationContext.Current);}public class SecurityRepository { public string GetUserName(OperationContextopContext) { return (opContext.ServiceSecurityContext != null && opContext.ServiceSecurityContext.WindowsIdentity != null) ? opContext.ServiceSecurityContext.WindowsIdentity.Name : null; }}](https://image.slidesharecdn.com/dev356wahlin-110525014331-phpapp02/85/Integrating-Security-Roles-into-Microsoft-Silverlight-Applications-12-320.jpg)
![Returning Roles from a Service[OperationContract]public List<Role> GetRoles(){ return new SecurityRepository().GetRoles(OperationContext.Current);}public class SecurityRepository { public List<Role> GetRoles(OperationContextopContext) {varuserName = GetUserName(opContext); //Get roles from Active Directory, Database, or elsewhere }}](https://image.slidesharecdn.com/dev356wahlin-110525014331-phpapp02/85/Integrating-Security-Roles-into-Microsoft-Silverlight-Applications-16-320.jpg)
![The SecurityManager Class[Export(typeof(ISecurityManager))][PartCreationPolicy(CreationPolicy.Shared)]public class SecurityManager : ISecurityManager {public event EventHandlerUserSecurityLoaded; public boolIsUserSecurityLoadComplete { get; set; } public ObservableCollection<Role> UserRoles { get; set; } public string UserName { get; set; } public boolIsAdmin { get; } public boolIsInUserRole { get; } public boolIsValidUser { get; } private void GetUserSecurityDetails() {} public boolCheckUserAccessToUri(Uri uri) {} public boolUserIsInRole(string role) {} public boolUserIsInAnyRole(params string[] roles) {}}](https://image.slidesharecdn.com/dev356wahlin-110525014331-phpapp02/85/Integrating-Security-Roles-into-Microsoft-Silverlight-Applications-21-320.jpg)
![Using the SecurityManager Classpublic class ViewModelBase: INotifyPropertyChanged { [Import]public ISecurityManagerSecurityManager { get; set; }}public class MainPageViewModel : ViewModelBase { public MainPageViewModel() {if (!IsDesignTime) SecurityManager.UserSecurityLoaded += SecurityManagerUserSecurityLoaded; } void SecurityManagerUserSecurityLoaded(object sender, EventArgs e) {IsAdmin = SecurityManager.IsAdmin; //Set INPC propertyUserName = SecurityManager.UserName; //Set INPC property }}](https://image.slidesharecdn.com/dev356wahlin-110525014331-phpapp02/85/Integrating-Security-Roles-into-Microsoft-Silverlight-Applications-22-320.jpg)
Integrating Security Roles into Microsoft Silverlight Applications
- 2. Integrating Security Roles into Microsoft Silverlight ApplicationsDEV356Dan WahlinWahlin Consulting
- 3. AgendaSilverlight Security OptionsAccessing User Identity InformationAccessing User RolesCreating a SecurityManager class
- 4. Silverlight Security OptionsSilverlight Authentication:WindowsFormsCustomSilverlight Authorization:Active Directory GroupsForms RolesCustom Roles
- 5. Windows Authentication OptionsOption 1: Secure page hosting Silverlight controlEasiestUser promptedSilverlight app securedOption 2: Secure backend servicesSilverlight application is anonymousCalls to service require credentialsClient HTTP stack can be used
- 6. Using the Client HTTP Stack//Set once in App.xaml.csHttpWebRequest.RegisterPrefix("https://", WebRequestCreator.ClientHttp);....WebClientwc = new WebClient();wc.UseDefaultCredentials = false;wc.Credentials = new NetworkCredential("username", "password", "domain");
- 7. AgendaSecuring Silverlight ApplicationsAccessing User Identity InformationAccessing User RolesCreating a SecurityManager class
- 8. Accessing a User's CredentialsSilverlight does not support accessing the User object directlyUser.Identity.NameOptions for accessing the user name:initParams (be careful!)Use a serviceWCF RIA Services
- 9. Passing the User Name with initParamsUser Name can be passed dynamically into Silverlight using initParamsBe Careful!
- 10. Using initParams<param name="initParams" value="UserName=<%=User.Identity.Name%>" />…private void Application_Startup(object sender, StartupEventArgs e) {ProcessInitParams(e.InitParams);this.RootVisual = new MainPage();}void ProcessInitParams(IDictionary<string, string> initParams) { if (initParams != null) {foreach (var item in initParams) {this.Resources.Add(item.Key, item.Value); } }}
- 11. Creating a User Credentials ServiceCreate a User Credentials WCF/ASMX service:Service handles returning authenticated user's informationNo risk of a spoofed User Name as with initParamsService can return additional information such as rolesWCF RIA Services does this out-of-the-box
- 12. Returning a User Name from a Service[OperationContract]public string GetLoggedInUserName() { return new SecurityRepository() .GetUserName(OperationContext.Current);}public class SecurityRepository { public string GetUserName(OperationContextopContext) { return (opContext.ServiceSecurityContext != null && opContext.ServiceSecurityContext.WindowsIdentity != null) ? opContext.ServiceSecurityContext.WindowsIdentity.Name : null; }}
- 13. demoAccessing an Authenticated User's User Name
- 14. AgendaSilverlight Security OptionsAccessing User Identity InformationAccessing User RolesCreating a SecurityManager class
- 15. Accessing User RolesOptions:Pass user roles into application using initParamsCreate a security service operation that returns rolesBe Careful!
- 16. Returning Roles from a Service[OperationContract]public List<Role> GetRoles(){ return new SecurityRepository().GetRoles(OperationContext.Current);}public class SecurityRepository { public List<Role> GetRoles(OperationContextopContext) {varuserName = GetUserName(opContext); //Get roles from Active Directory, Database, or elsewhere }}
- 18. AgendaSilverlight Security OptionsAccessing User Identity InformationAccessing User RolesCreating a SecurityManager class
- 19. How do you access and manage user names and roles in a Silverlight application?
- 20. Creating a SecurityManager ClassSecurityManager class can act as client-side gateway to user credentials:Accesses user credentials asynchronouslyDetermine user role(s)Determine access to viewMVVM compliantAdd to ViewModel base class through aggregation
- 21. The SecurityManager Class[Export(typeof(ISecurityManager))][PartCreationPolicy(CreationPolicy.Shared)]public class SecurityManager : ISecurityManager {public event EventHandlerUserSecurityLoaded; public boolIsUserSecurityLoadComplete { get; set; } public ObservableCollection<Role> UserRoles { get; set; } public string UserName { get; set; } public boolIsAdmin { get; } public boolIsInUserRole { get; } public boolIsValidUser { get; } private void GetUserSecurityDetails() {} public boolCheckUserAccessToUri(Uri uri) {} public boolUserIsInRole(string role) {} public boolUserIsInAnyRole(params string[] roles) {}}
- 22. Using the SecurityManager Classpublic class ViewModelBase: INotifyPropertyChanged { [Import]public ISecurityManagerSecurityManager { get; set; }}public class MainPageViewModel : ViewModelBase { public MainPageViewModel() {if (!IsDesignTime) SecurityManager.UserSecurityLoaded += SecurityManagerUserSecurityLoaded; } void SecurityManagerUserSecurityLoaded(object sender, EventArgs e) {IsAdmin = SecurityManager.IsAdmin; //Set INPC propertyUserName = SecurityManager.UserName; //Set INPC property }}
- 23. demoCreating and using a SecurityManager Class
- 24. SummarySilverlight doesn’t provide direct access to user credentialsDifferent techniques can be used to access a user name and roles:Pass into initParams (be careful!)Access data through a security serviceUse WCF RIA Service's WebContext classThe SecurityManager class can simplify the process of working with user credentialsHandles async calls to security service Stores user credentials and provides security logicIntegrates well with MVVM
- 26. Related ContentRequired SlideSpeakers, please list the Breakout Sessions, Interactive Discussions, Labs, Demo Stations and Certification Exam that relate to your session. Also indicate when they can find you staffing in the TLC.DEV209: From Zero to Silverlight in 75 MinutesDEV210: Microsoft Silverlight, WCF RIA Services and Your Business ObjectsDEV331: A Lap around Microsoft Silverlight 5DEV386HOL: Microsoft Silverlight Data BindingDEV388HOL: Web Services and Microsoft SilverlightDEV390HOL: Using the MVVM Pattern in Microsoft Silverlight Applications
- 27. Track ResourcesRequired Slide Track PMs will supply the content for this slide, which will be inserted during the final scrub. Resource 1Resource 2Resource 3Resource 4
- 28. ResourcesConnect. Share. Discuss.http://northamerica.msteched.comLearningSessions On-Demand & CommunityMicrosoft Certification & Training Resourceswww.microsoft.com/techedwww.microsoft.com/learningResources for IT ProfessionalsResources for Developershttp://microsoft.com/technethttp://microsoft.com/msdn
- 29. Required SlideComplete an evaluation on CommNet and enter to win!
- 30. Required Slide Your MS Tag will be inserted here during the final scrub. MS Tag Placeholder Slide
- 31. © 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Editor's Notes
- #6: Option 1: Secure page hosting Silverlight control:Easiest approachSilverlight application isn't accessed until user authenticatesUser prompted for credentials or credentials are passed throughOption 2: Secure backend servicesAnonymous application accessCalls to services prompt for authentication credentialsUse Client HTTP Stack to set network credentials programmatically (example shown next)
- #9: Use WCF RIA Service's WebContext class:WebContext.Current.Authentication.User
- #10: Be Careful!Hacker could change value passed into initParamsIf application simply displays the User Name then no problemIf application relies on User Name to lookup roles and more from services this can be a bad solution
- #16: Be Careful!Embedding roles in initParams opens the application to spoofingReturning roles from a service call is the best option
- #31: New for TechEd 2011, we will be working with Microsoft Tag (http://tag.microsoft.com/overview.aspx) to create unique Tags for every session at the event. Your session Tag will appear on both the room signage and at the end of your presentation. With your session Tag, attendees will be able to scan as they enter the room to retrieve session details, view speaker bios, and engage in discussions; or scan at the end of the presentation to evaluate your session and download materials. We’re excited to integrate Microsoft Tag across the My TechEd mobile experience this year.