Print Page | Close Window

WIF and DevForce

Printed From: IdeaBlade
Category: DevForce
Forum Name: DevForce 2010
Forum Discription: For .NET 4.0
URL: http://www.ideablade.com/forum/forum_posts.asp?TID=3165
Printed Date: 16-Apr-2024 at 12:26am


Topic: WIF and DevForce
Posted By: francoisw
Subject: WIF and DevForce
Date Posted: 19-Dec-2011 at 8:59pm
I'm looking for a high-level process sequence on how to integrate WIF and Devforce Silverlight during authentication. I'm planning to use Thinktecture Identity Server (identityserver.codeplex.com) as the STS which is essentially backed with a membership database.

What would be the best practice with regards to this?

I will also have a website (asp.Net) which I want seamless integration with and where I would login via the website if the silverlight application is running in-browser and via the silverlight app in a out-of-browser case.

Should rather perform the authentication with the STS and setup an ASP.Net session before the login and then just perform a default login (no credentials) or is there another prefer process.

Thank you in advance for the awesome reply :-)


Replies:
Posted By: ting
Date Posted: 21-Dec-2011 at 4:38pm
I'm not familiar with the Thinktecture Identity Server. However, based on the documentation from their website, I believe you would implement the DevForce IEntityLoginManager and in the implementation, authenticate against their service by requesting a token from the credentials that you collect from the client (username & hashed password).

You can find more information about implementing custom authentication with the IEntityLoginManager here:
http://drc.ideablade.com/xwiki/bin/view/Documentation/authentication-details#HImplementingIEntityLoginManager - http://drc.ideablade.com/xwiki/bin/view/Documentation/authentication-details#HImplementingIEntityLoginManager

This code to request a token was taken from the Thinktecture docs:

  private string RequestToken() {

     var client = new HttpClient();

     client.DefaultRequestHeaders.Authorization = new BasicAuthenticationHeaderValue("username","password");


     var result = client.GetAsync(baseAddress + "?realm=https://server/rp/").Result;

     return result.Content.ReadAsStringAsync().Result;

  }


You can place the token into the IPrincipal that is returned by the IEntityLoginManager so that you can use it to check against authorization rights later.

I know there's a way for Silverlight to inherit a security token from the website, but I can't remember the code/configuration to do this.

Our professional services team is in a better position to recommend best practices in security, but I hope this helps.

Best,
Ting


Print Page | Close Window