I'm not familiar with the Thinktecture Identity Server. However, based on the documentation from their website, I believe you would implement the DevForce IEntityLoginManager and in the implementation, authenticate against their service by requesting a token from the credentials that you collect from the client (username & hashed password).
You can find more information about implementing custom authentication with the IEntityLoginManager here: http://drc.ideablade.com/xwiki/bin/view/Documentation/authentication-details#HImplementingIEntityLoginManager - http://drc.ideablade.com/xwiki/bin/view/Documentation/authentication-details#HImplementingIEntityLoginManager
This code to request a token was taken from the Thinktecture docs: private string RequestToken() { var client = new HttpClient(); client.DefaultRequestHeaders.Authorization = new BasicAuthenticationHeaderValue("username","password");
var result = client.GetAsync(baseAddress + "?realm=https://server/rp/").Result; return result.Content.ReadAsStringAsync().Result; }
You can place the token into the IPrincipal that is returned by the IEntityLoginManager so that you can use it to check against authorization rights later.
I know there's a way for Silverlight to inherit a security token from the website, but I can't remember the code/configuration to do this.
Our professional services team is in a better position to recommend best practices in security, but I hope this helps.
Best, Ting
|