New Posts New Posts RSS Feed: WIF and DevForce
  FAQ FAQ  Forum Search   Calendar   Register Register  Login Login

WIF and DevForce

 Post Reply Post Reply
francoisw View Drop Down

Joined: 19-Dec-2011
Location: South Africa
Posts: 2
Post Options Post Options   Quote francoisw Quote  Post ReplyReply Direct Link To This Post Topic: WIF and DevForce
    Posted: 19-Dec-2011 at 8:59pm
I'm looking for a high-level process sequence on how to integrate WIF and Devforce Silverlight during authentication. I'm planning to use Thinktecture Identity Server ( as the STS which is essentially backed with a membership database.

What would be the best practice with regards to this?

I will also have a website (asp.Net) which I want seamless integration with and where I would login via the website if the silverlight application is running in-browser and via the silverlight app in a out-of-browser case.

Should rather perform the authentication with the STS and setup an ASP.Net session before the login and then just perform a default login (no credentials) or is there another prefer process.

Thank you in advance for the awesome reply :-)

Back to Top
ting View Drop Down

Joined: 27-Mar-2009
Location: San Francisco
Posts: 427
Post Options Post Options   Quote ting Quote  Post ReplyReply Direct Link To This Post Posted: 21-Dec-2011 at 4:38pm
I'm not familiar with the Thinktecture Identity Server. However, based on the documentation from their website, I believe you would implement the DevForce IEntityLoginManager and in the implementation, authenticate against their service by requesting a token from the credentials that you collect from the client (username & hashed password).

You can find more information about implementing custom authentication with the IEntityLoginManager here:

This code to request a token was taken from the Thinktecture docs:

  private string RequestToken() {

     var client = new HttpClient();

     client.DefaultRequestHeaders.Authorization = new BasicAuthenticationHeaderValue("username","password");

     var result = client.GetAsync(baseAddress + "?realm=https://server/rp/").Result;

     return result.Content.ReadAsStringAsync().Result;


You can place the token into the IPrincipal that is returned by the IEntityLoginManager so that you can use it to check against authorization rights later.

I know there's a way for Silverlight to inherit a security token from the website, but I can't remember the code/configuration to do this.

Our professional services team is in a better position to recommend best practices in security, but I hope this helps.


Edited by ting - 21-Dec-2011 at 4:43pm
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down