Authorization Sample 101

This is an introduction to the Authorization Sample for RIA Services.

Authorization is implemented using attached properties. This means you can mark nearly everything in your XAML files with Authorization properties. In most cases, elements will be prepared for authorization and hidden until the framework determines that access to the element is allowed. This section shows the basic markup and talks about how to use it.

For each sample, I’m assuming the following XML namespace has been added to the file. I’m using the prefix ‘s’, short for ‘security’, for brevity.

  xmlns:s="clr-namespace:FirstLook.ServiceModel.DomainServices.Client.Security;assembly=FirstLook.ServiceModel.DomainServices.Client.Security"

RequiresAuthentication

The RequiresAuthentication property can be used to hide an element until the user is authenticated. This snippet will only show the hyperlink to authenticated users.

  <HyperlinkButton NavigateUri="/Accounts"
                  s:Authorization.RequiresAuthentication="True" />

RequiresRole

The RequiresRole property can be used to hide an element unless the user is in a specified role. This snippet will only show the hyperlink to users in the ‘Administrator’ role.

  <HyperlinkButton NavigateUri="/Accounts"
                  s:Authorization.RequiresRole="Administrator" />

The RequiresRole property also accepts multiple roles as input. In this snippet, the hyperlink will be shown when the user is in the ‘Administrator’ or ‘Manager’ roles.

  <HyperlinkButton NavigateUri="/Accounts"
                  s:Authorization.RequiresRole="Administrator,Manager" />

NavigationMode

The NavigationMode property enables authorization-based navigation when it is applied to a Frame. The following snippet will redirect the user to ‘/Home’ if they attempt to navigate to a page they are not allowed to access.

  <nav:Frame Source="/Home" s:Authorization.NavigationMode="Redirect" />

Each page can simply declare its access rules using the RequiresAuthentication and RequiresRole properties discussed above. This snippet shows a page that can only be accessed by authenticated users.

  <nav:Page s:Authorization.RequiresAuthentication="True" />

[Security Note]

Authorization in Silverlight should only be used for navigation and UI customization. These properties only control what the client displays; for true security, you need to secure your data by adding authorization to your web services. These MSDN links describe how this can be done using WCF RIA Services.

https://msdn.microsoft.com/en-us/library/ee707361(v=VS.91).aspx

https://msdn.microsoft.com/en-us/library/ee707357(v=VS.91).aspx
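
The server-side counterpart to the markup above, as an added example that is not part of the original sample: a hypothetical AccountsService domain service enforcing the same rules with the RIA Services RequiresAuthentication and RequiresRole attributes, which the server checks on every call. The Account entity, the service name and the in-memory data are assumptions constructed for illustration.

```csharp
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.ServiceModel.DomainServices.Hosting;
using System.ServiceModel.DomainServices.Server;

// Hypothetical entity, constructed for this example.
public class Account
{
    [Key]
    public int Id { get; set; }
    public string Owner { get; set; }
    public decimal Balance { get; set; }
}

// Hypothetical domain service backing the '/Accounts' page.
[EnableClientAccess]
[RequiresAuthentication] // class level: every operation rejects anonymous callers
public class AccountsService : DomainService
{
    // Constructed in-memory data standing in for a real data store.
    private static readonly List<Account> Store = new List<Account>
    {
        new Account { Id = 1, Owner = "alice", Balance = 120m },
        new Account { Id = 2, Owner = "bob", Balance = 75m },
    };

    // Same rule as s:Authorization.RequiresRole="Administrator,Manager":
    // membership in either role is enough.
    [RequiresRole("Administrator", "Manager")]
    public IQueryable<Account> GetAccounts()
    {
        return Store.AsQueryable();
    }

    // Stricter than the read path: only administrators may change data.
    [RequiresRole("Administrator")]
    public void UpdateAccount(Account account)
    {
        Account existing = Store.Single(a => a.Id == account.Id);
        existing.Owner = account.Owner;
        existing.Balance = account.Balance;
    }
}
```

With these attributes in place, a caller who skips the XAML checks and invokes the service directly is still refused by the server.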