DevForce Community Forum : ASP.NET Security Integration http://www.ideablade.com/forum/ This is an XML content feed of; DevForce Community Forum : DevForce 2009 : ASP.NET Security Integration Tue, 28 Apr 2026 21:39:29 -700 Mon, 26 Oct 2009 11:30:22 -700 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 9.69 360 www.ideablade.com/forum/RSS_post_feed.asp?TID=1529 DevForce Community Forum http://www.ideablade.com/forum/forum_images/IdeaBlade_logo_tm.png http://www.ideablade.com/forum/ ASP.NET Security Integration : Currently, the default ASPAuthenticatingLoginManager... http://www.ideablade.com/forum/forum_posts.asp?TID=1529&PID=5679#5679 Author: kimj
Subject: 1529
Posted: 26-Oct-2009 at 11:30am

Currently, the default ASPAuthenticatingLoginManager used by DevForce does not throw a LoginException when the user/password is invalid, instead the returned UserBase.IsAuthenticated property is false.  This was mostly done for legacy purposes and we are looking at modifying this behavior.  For right now, you can easily work around this by creating a custom LoginManager which extends the DevForce ASPAuthenticatingLoginManager and overriding  a single method.  Here's a complete sample:

using System;
using System.Web.Security;
using IdeaBlade.EntityModel;
namespace Sample {
  /// <summary>
  /// A custom LoginManager extending the DevForce AspAuthenticatingLoginManager.
  /// The DevForce implementation currently allows non-authenticated users to be logged in,
  /// so this class overrides user validation and throws a LoginException
  /// when the user is not authenticated.
  /// </summary>
  public class LoginManager : IdeaBlade.EntityModel.Web.AspAuthenticatingLoginManager {
    protected override bool ValidateUserCore(ILoginCredential credential) {
      // Base class calls Membership.ValidateUser, and returns t/f based on whether
      // the user is authenticated.  If not authenticated, we don't actually know why.
      // The base class does not throw a LoginException if the user is not authenticated,
      // so we do here.
      bool isAuthenticated = base.ValidateUserCore(credential);
      if (isAuthenticated) return isAuthenticated;
      var members = Membership.FindUsersByName(credential.UserName);
      if (members.Count == 0) {
        throw new LoginException(LoginExceptionType.InvalidUserName, "Invalid username");
      } else {
        throw new LoginException(LoginExceptionType.InvalidPassword, "Invalid password");
      }
    }
  }
}
Put the class in a server-side assembly, and add the name of this assembly to the top-level (non-key specific) <probeAssemblyNames> in the config file.
 
]]> Mon, 26 Oct 2009 11:30:22 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=1529&PID=5679#5679 ASP.NET Security Integration : I am attempting to build a simple... http://www.ideablade.com/forum/forum_posts.asp?TID=1529&PID=5675#5675 Author: cjohnson84
Subject: 1529
Posted: 23-Oct-2009 at 11:12am

I am attempting to build a simple Silverlight application that integrates DevForce with ASP.NET Security.  I have a simple login page with two text boxes and a "Login" button.  I want to authenticate the username and password entered by the user against my SQL Server database.  I have run aspnet_regsql.exe against the database and used the ASP.NET Configuration website to create a couple users and roles in the database.
 
In separate assemblies I have created an entity framework model of my database (excluding the asp.net authentication table) and the dev force model of my database using the DevForce object mapper.  I have modified the web.config of the web application by setting the authentication mode to "Forms" and I have set aspNetCompatibilityEnabled = true.  I have also added the connect string to my database:
 
<connectionStrings>

<remove name="LocalSqlServer"/>

<add name="LocalSqlServer" connectionString="Data Source=UDSSRV1\UDSLAB1;Initial Catalog=DevForceTest;Persist Security Info=True;User ID=sa;Password=sa" providerName="System.Data.SqlClient"/>

</connectionStrings>

Is there anything I'm missing here?  I run my application and I am able to "login" regardless of what i enter in the username and password textboxes.  I get no errors.  What do I need to do to at least see my login fail when I run my application in the development environment?
]]> Fri, 23 Oct 2009 11:12:07 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=1529&PID=5675#5675