Silverlight 4 + RIA Services – Ready for Business: Authentication and Personalization


To continue our series: in real business applications our data is often very valuable, so we need to know who is accessing what data and restrict certain data to users with the right privileges.  Luckily this is very easy to do with RIA Services.  For example, say we want only authenticated users to access our data.  That is as easy as adding an attribute; see line 2 below.

 

  1:     [EnableClientAccess]
  2:     [RequiresAuthentication]   // reject callers that are not logged in
  3:     public class DishViewDomainService : LinqToEntitiesDomainService<DishViewEntities>
  4:     {

 

When we run the application, we now get an error.  Clearly you can do a bit better from a user experience angle… but the message is clear enough. 


 

Notice there is a login option, so we can log in…


 

and even create a new user.


 

and with a refresh we now get our data.


And the application knows who I am on the client and gives me a way to log out.

Now you can also easily interact with the current user on the server.  So for example, only return records that they have edited, or, in this case, log every access:

 

  1:         public IQueryable<Restaurant> GetRestaurants()
  2:         {
  3:             File.AppendAllLines(@"C:\Users\brada\Desktop\log.txt", new string[] {
  4:                 String.Format("{0}:{1}", DateTime.Now,
  5:                 this.ServiceContext.User.Identity.Name)});  // the caller, as authenticated on the server
  6:             return this.ObjectContext.Restaurants
  7:                 .Where (r=>r.Region != "NC")
  8:                 .OrderBy(r=>r.ID);
  9:         }

 

Line 5 is the key one: we are accessing the current user on the server.  This gives us a nice simple log.

3/7/2010 9:42:57 PM:darb

3/7/2010 9:43:05 PM:darb
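
The per-user filtering mentioned above ("only return records that they have edited") together with the access log, as an added example that is not code from the original post. It uses a stand-in Restaurant class with a hypothetical LastEditedBy property and constructed in-memory data so it runs on its own; in the domain service the principal would be this.ServiceContext.User and the source this.ObjectContext.Restaurants, and PerUserAccess, EditedBy and LogLine are illustrative names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;

// Stand-in for the page's Restaurant entity; LastEditedBy is a hypothetical column.
public class Restaurant
{
    public int ID { get; set; }
    public string LastEditedBy { get; set; }
}

public static class PerUserAccess
{
    // Return only the rows the caller last edited. The name comes from the
    // server-side principal, never from a parameter the client supplies.
    public static IQueryable<Restaurant> EditedBy(IQueryable<Restaurant> source, IPrincipal user)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            throw new UnauthorizedAccessException("Authentication required.");
        string name = user.Identity.Name;
        return source.Where(r => r.LastEditedBy == name).OrderBy(r => r.ID);
    }

    // Build one log line. User names are user-chosen input, so control
    // characters (CR/LF in particular) are replaced to keep one entry per line.
    public static string LogLine(DateTime utcNow, IPrincipal user)
    {
        string raw = (user != null && user.Identity != null) ? user.Identity.Name : "";
        string safe = new string((raw ?? "").Select(c => char.IsControl(c) ? '_' : c).ToArray());
        return String.Format("{0:o}\t{1}", utcNow, safe);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample rows and identities.
        var rows = new List<Restaurant> {
            new Restaurant { ID = 2, LastEditedBy = "darb" },
            new Restaurant { ID = 1, LastEditedBy = "darb" },
            new Restaurant { ID = 3, LastEditedBy = "chris" },
        }.AsQueryable();
        var darb = new GenericPrincipal(new GenericIdentity("darb"), new string[0]);
        var odd = new GenericPrincipal(new GenericIdentity("al\r\nice"), new string[0]);
        foreach (var r in PerUserAccess.EditedBy(rows, darb)) Console.WriteLine(r.ID);  // 1, 2
        Console.WriteLine(PerUserAccess.LogLine(DateTime.UtcNow, odd));  // one line, name "al__ice"
    }
}
```
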

Now we can also personalize this a bit.  Say we want our users to be able to give us a favorite color and we keep track of that on the server and the client, so it works seamlessly from any machine. 

First we need to add BackgroundColor to our backing store.  In this case I am using ASP.NET profile storage, so I add the right stuff to web.config.


Then I need to access this from the Silverlight client, so I add a property to the User instance in the Models\User.cs

    public partial class User : UserBase
    {
        public string FriendlyName { get; set; }
        public string BackgroundColor { get; set; }
    }

Finally, we need to access it on the client.  In main.xaml add lines 2 and 3.

  1:   <Grid x:Name="LayoutRoot" Style="{StaticResource LayoutRootGridStyle}"
  2:         Background="{Binding Path=User.BackgroundColor}"
  3:         DataContext="{StaticResource WebContext}">

 

Run it and we get our great default background color!


Now, that is nice, but it would be even better to give the user a chance to actually edit their settings.  So in About.xaml, we use a model very similar to the one above.

  <Grid x:Name="LayoutRoot"
        DataContext="{StaticResource WebContext}">

and

<sdk:Label Content="Background Color:" />
<TextBox Text="{Binding Path=User.BackgroundColor, Mode=TwoWay}" Height="23" />

Then wire up a save button:

        private void button1_Click(object sender, System.Windows.RoutedEventArgs e)
        {
            WebContext.Current.Authentication.SaveUser(false);
        }

 

And it works!


And what’s better is if you run it from another browser, on another machine, once you log in you get the exact same preferences!


Comments (7)

  1. What changes would need to be made to enable this type of authentication and personalization to be available in out of browser applications?

  2. Chris says:

    How can I access that profile info from the service level for a given user?  

    I can do this:

    MembershipUser usrInfo = Membership.GetUser(ServiceContext.User.Identity.Name);

    but how then do you get the properties, or better yet a User object with my extended properties?

  3. shail_k_patel says:

    Your post is very helpful.  Could you also add source code of example when you post any silverlight 4 online ?   That will be very helpful.

  4. Hi Brad,

    Thank you for the series on Silverlight Business Applications! Very informative!

    How easy is it to authenticate users against another user store, when we're not using the aspnetMembership provider?

  5. rekna says:

    Suppose you’re writing an intranet silverlight application, is it possible to have Windows Authentication and how would you do it?

  6. Mat V says:

    Hi Brad,

    Assuming I am running a signed Silverlight 4 app, over https with an authenticated user; is additional hardening required to WCF RIA Services to prevent MITM (man in the middle) attacks from changing things like primary keys? Despite being an authenticated user they will be anonymous to me and as such untrustworthy I am worried that they can change the data stream.

    Thanks,

    Mat

  7. dekorasyon says:

    Your words were very beautiful picture thanks