New Posts New Posts RSS Feed: IsAuthenticated property effects...
  FAQ FAQ  Forum Search   Calendar   Register Register  Login Login

IsAuthenticated property effects...
 Post Reply Post Reply
Author
  Share Topic Share Topic  Topic Search Topic Search  Topic Options Topic Options
DenisK View Drop Down
IdeaBlade
IdeaBlade


Joined: 25-Aug-2010
Posts: 715 		Post Options Post Options   Quote DenisK Quote  Post ReplyReply Direct Link To This Post Topic: IsAuthenticated property effects...
    Posted: 25-Apr-2012 at 6:57pm
Hi Siyfion,

The IsAuthenticated property does affect the behavior of the EntityManager. One example, among others, is it can affect how an EM can query or save entities in conjunction with what security attributes you mark your entities with. In other words, the usage of DevForce security attributes is how you can limit your "unauthorized user" access. 

See if this DRC topic can help you get started. http://drc.ideablade.com/xwiki/bin/view/Documentation/authorize


Edited by DenisK - 25-Apr-2012 at 7:13pm
Back to Top
Siyfion View Drop Down
Groupie
Groupie
Avatar

Joined: 22-Mar-2012
Location: Bristol, UK
Posts: 47 		Post Options Post Options   Quote Siyfion Quote  Post ReplyReply Direct Link To This Post Posted: 25-Apr-2012 at 9:14am
Assuming that you disallow anonymous logins, if you create an implementation of the IEntityLoginManager interface on the server, you must return an IPrincipal which exposes an IsAuthenticated property. Does this IsAuthenticated property effect the behaviour of the EntityManager at all, or is it just a value to be referenced manually in code?

The reason why I ask is thus; say we have a username and password for the user to enter on the login screen and they have forgotten their username (not that unlikely!). Say we have some "Forgotten your username?" and "Forgotten your password?" links, we want these to be able to prompt the user for some other data, like their e-mail address, and be able to look up the required information in the database. Obviously this requires a connection to the server, so could I log in and return an "unauthorized user" to then use to lookup the relevant user data? If so, is there a "best strategy" for limiting the access of this unauthorized user?
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down