Authorization Sample 201

The attached properties described in Authorization 101 will get you going. It may even be a long time before you need more. If you find yourself chafing at the limits, though, then this section is for you. It works through some of the first customization steps most applications will find useful.

Custom Authorization

Authorization is implemented using AuthorizationAttributes. If you’ve used ValidationAttributes in Silverlight, this approach should feel familiar to you. Custom authorization can be added by simply extending the AuthorizationAttribute and implementing the IsAuthorized method. These attributes can then be applied to a navigation Page or any other type where authorization would be useful.

In addition to attribute-based authorization, rule-based authorization is also available for convenient use in XAML. To implement rule-based authorization, you will need to create a new class that derives from AuthorizationRule and override the GetAuthorizationAttributes method.

    public class CustomAuthorizationRule : AuthorizationRule
    {
        // Returns the attributes that will be evaluated for the target element.
        public override IEnumerable<AuthorizationAttribute>
            GetAuthorizationAttributes(object target)
        {
            return new[] { new CustomAuthorizationAttribute() };
        }
    }
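The rule above returns a CustomAuthorizationAttribute that the page does not show. The following is an added example of what such an attribute could look like, not code from the sample; it assumes the WCF RIA Services AuthorizationAttribute base class, whose IsAuthorized method takes an IPrincipal and an AuthorizationContext, and the role names are constructed values.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Security.Principal;

// Hypothetical attribute for illustration; not part of the sample.
public sealed class CustomAuthorizationAttribute : AuthorizationAttribute
{
    // Constructed sample roles that are allowed to see the target.
    private static readonly string[] AllowedRoles = { "Administrator", "Auditor" };

    protected override AuthorizationResult IsAuthorized(
        IPrincipal principal, AuthorizationContext authorizationContext)
    {
        // Fail closed: a missing principal or an anonymous identity is denied.
        if (principal == null
            || principal.Identity == null
            || !principal.Identity.IsAuthenticated)
        {
            return new AuthorizationResult("Sign in to continue.");
        }

        // Allow as soon as the user holds any one of the permitted roles.
        if (AllowedRoles.Any(role => principal.IsInRole(role)))
        {
            return AuthorizationResult.Allowed;
        }

        // Authenticated, but not in a permitted role.
        return new AuthorizationResult(
            "Your account does not have access to this content.");
    }
}
```

This check runs in the Silverlight client and only controls what the UI shows, so the server-side operations behind the page need their own authorization.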

You can now reference this authorization method from anywhere in XAML using the Rule property. The following snippet displays the hyperlink according to your custom authorization rule.

    <HyperlinkButton NavigateUri="/Accounts">
        <s:Authorization.Rule>
            <my:CustomAuthorizationRule />
        </s:Authorization.Rule>
    </HyperlinkButton>

Custom Behaviors

You may have noticed not all elements are hidden when the RequiresAuthentication and RequiresRole properties are applied. Pages, for instance, are simply disabled. Even though the default behavior is determined based on element type, each element can specifically declare how authorization should be applied using the TargetProperties property. The following snippet disables the hyperlink for users who are not in the ‘Administrator’ role.

    <HyperlinkButton NavigateUri="/Accounts"
                     s:Authorization.RequiresRole="Administrator"
                     s:Authorization.TargetProperties="IsEnabled" />

The TargetProperties property can be set on an element to any DependencyProperty that is a type supported by the AuthorizationConverter. Most notably, these types include Strings, Booleans, and Visibility. Also, like RequiresRole, the TargetProperties property supports a comma-separated list of property names.

Sometimes simply redirecting the user when they try to access a page they are not allowed to view is not the best option. Often, it is useful to prompt the user for their login credentials. If you set the NavigationMode to Prompt, the framework will attempt to do just that.

Using Prompt mode requires you to implement an AuthorizationPrompter, a simple interface used to prompt the user for credentials. A single instance can be created at startup and will be used throughout.

    public App()
    {
        // ...
        Authorization.Prompter = new LoginRegistrationWindowPrompter();
    }

Additionally, a Page and Frame can specify different NavigationModes. The value specified by the Frame will be used as the default. If a Page chooses to specify a value as well, it will be used instead of the default.