DevForce Community Forum : [Solved]Role based (Form) Authentication changes http://www.ideablade.com/forum/ This is an XML content feed of; DevForce Community Forum : DevForce Classic : [Solved]Role based (Form) Authentication changes Thu, 11 Jun 2026 18:09:19 -700 Fri, 21 Sep 2007 16:22:42 -700 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 9.69 360 www.ideablade.com/forum/RSS_post_feed.asp?TID=446 DevForce Community Forum http://www.ideablade.com/forum/forum_images/IdeaBlade_logo_tm.png http://www.ideablade.com/forum/ [Solved]Role based (Form) Authentication changes : Tx. I will give it a try on Monday.... http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1287#1287 Author: orcities
Subject: 446
Posted: 21-Sep-2007 at 4:22pm

Tx. I will give it a try on Monday.]]> Fri, 21 Sep 2007 16:22:42 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1287#1287 [Solved]Role based (Form) Authentication changes : It may be a 'typo',... http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1286#1286 Author: Linguinut
Subject: 446
Posted: 21-Sep-2007 at 3:34pm

It may be a 'typo', but the Roles tag needs to be inside ModuleInfo

<ModuleInfo AssemblyFile="Company.App.Module.dll">
    <Roles>
        <Role Allow="Chuck"/>
    </Roles>
</ModuleInfo>
]]> Fri, 21 Sep 2007 15:34:49 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1286#1286 [Solved]Role based (Form) Authentication changes : I have one problem. The roles... http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1285#1285 Author: orcities
Subject: 446
Posted: 21-Sep-2007 at 3:25pm

I have one problem.
 
The roles are getting stuffed but not implemented.
 
When I remove [DebuggerNonUserCode] from Authenticate I am able to trace and see that it stuffs roles. But it isn't implementing my rules.
 
My profile Catalog has the following.

<Section Name="SecurityModule">

<Dependencies>

<Dependency Name="Foundation" />

</Dependencies>

<Modules>

<ModuleInfo AssemblyFile="LOC.CEMS.SecurityModule.dll" />

<Roles>

<Role Allow="Chuck"/>

</Roles>

</Modules>

</Section>

Chuck doesn't exist as a role so I should never see the module correct?

]]> Fri, 21 Sep 2007 15:25:29 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1285#1285 [Solved]Role based (Form) Authentication changes : GetCredential() is in the AppAuthenticationService... http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1279#1279 Author: Bill Jensen
Subject: 446
Posted: 21-Sep-2007 at 2:00pm

GetCredential() is in the AppAuthenticationService in your Foundation project that already has a reference to System.Windows.Forms.  It's not part of the model project.]]> Fri, 21 Sep 2007 14:00:21 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1279#1279 [Solved]Role based (Form) Authentication changes : Since we want to seperate module... http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1276#1276 Author: orcities
Subject: 446
Posted: 21-Sep-2007 at 1:42pm

Since we want to seperate module from presentation. Where do you recommend putting the LoginForm. I don't really want to create a ref in the model project of windows.forms unless it is really necessary.]]> Fri, 21 Sep 2007 13:42:48 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1276#1276 [Solved]Role based (Form) Authentication changes : Thanks again. I tried to put... http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1271#1271 Author: orcities
Subject: 446
Posted: 21-Sep-2007 at 12:19pm

Thanks again.
 
I tried to put the form implementation in there like I did in the last Cabana release but I must have did something wrong.
 
 
]]> Fri, 21 Sep 2007 12:19:22 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1271#1271 [Solved]Role based (Form) Authentication changes : Yes, in this version of Cabana,... http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1270#1270 Author: Bill Jensen
Subject: 446
Posted: 21-Sep-2007 at 12:04pm

Yes, in this version of Cabana, Ward has factored client-side authentication into the AppAuthenticationService, implementing IAuthentication service.  It's in the Foundation project.
 
IAuthentication service exposes one method, Authenticate(), that is invoked at application startup.  This calls Login() to first get the user's credentials, then attempt to login via the persistence manager:
 

/// <summary>Login this manager.</summary>

protected virtual void Login(PersistenceManager pManager) {

ILoginCredential aCredential = GetCredential();

Login(pManager, aCredential);

}

 
In GetCredential() we see:
 

/// <summary>Get the credential for this user.</summary>

/// <remarks>

/// This implementation only knows how to get a Windows Credential;

/// see <see cref="GetWindowsCredential"/>.

/// </remarks>

protected virtual ILoginCredential GetCredential() {

ILoginCredential credential = GetWindowsCredential();

if (credential == null) {

// We don't have an alternative way to get the credential

throw new InvalidOperationException("Windows user is not authenticated.");

}

return credential;

}

It is here that you could write code to display a login form and create an object implementing the DevForce ILoginCredential interface.  The class IdeaBlade.Persistence.LoginCredential is the base implementation of this interface.

On the server side, the credentials are passed to the Login() method of the LoginManager (in the Model project).  There, the method GetAppIdentity() checks for a non-empty user name (an empty user name signals that Windows authentication should be used) and invokes GetUserPasswordIdentity():
 

/// <summary>

/// Get user based on user LoginName and password

/// </summary>

/// <param name="pCredential">Login credential.</param>

/// <param name="pManager">PersistenceManager for retrieving user.</param>

/// <returns>Identity built based on lookup of user's LoginName and password.</returns>

[DebuggerNonUserCode] // Let client catch exceptions

private static AppIdentity GetUserPasswordIdentity(ILoginCredential pCredential, PersistenceManager pManager) {

IUser aUser = SecurityUser.GetUserByCredential(pManager, pCredential);

return new AppIdentity(aUser.FullName, aUser.Id, "UserPassword");

}

Here we must supply an implementation of IUser from somewhere.  In Cabana (and wizard-based applications), we rely on the existence of an entity in the model called SecurityUser that has a static factory method GetUserByCredential().  In the Cabana implementation, this method retrieves the user from the database by username and password.  You can provide code that authenticates the user and returns an implementation of IUser.
 
Back in the Login(credential, pm) method of LoginManager, once the user is authenticated and we have an AppIdentity object, GetUserRoles() is invoked and a Principal object created:

public IPrincipal Login(ILoginCredential pCredential, PersistenceManager pManager) {

AppIdentity identity = GetAppIdentity(pCredential, pManager);

String[] roles = GetUserRoles(pManager, identity);

IPrincipal principal = new GenericPrincipal(identity, roles);

}
 
In GetUserRoles() you need to provide the authorized roles for the user as an array of strings:
 

/// <summary>

/// Get the user's roles

/// </summary>

/// <param name="pManager">PersistenceManager for retrieving roles from persistent storage.</param>

/// <param name="pIdentity">Identity of the user who has the roles.</param>

private static string[] GetUserRoles(PersistenceManager pManager, AppIdentity pIdentity) {

// Todo: Get the roles via the UserId in the identity.

// pIdentity.AuthenticationType may figure in role determination.

return new string[] { };

}

These will be placed in the Principal object and returned to the client, where the Principal will be set as the user of the application.
 
By placing
 
<Roles>
    <Role Allow="rolename"/>
</Role>
 
tags within Modules in the ProfileCatalog.xml file, you cause CAB to check the user's roles [via IPrincipal.IsInRole()] before loading the module.
 
You are also free to include role based security to restrict functionality within your code.  See:
 
 
Hope this answers your questions.
 
Bill J
]]> Fri, 21 Sep 2007 12:04:31 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1270#1270 [Solved]Role based (Form) Authentication changes : I am using Forms so I have to... http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1268#1268 Author: orcities
Subject: 446
Posted: 21-Sep-2007 at 9:43am

I am using Forms so I have to be able to pass the UserName and Password to the AuthenticationService.
 
I can't figure out how to do that.
 
In the last version of Cabana it was handled in the LoginClientCore.
]]> Fri, 21 Sep 2007 09:43:12 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1268#1268 [Solved]Role based (Form) Authentication changes : Yes, I am using Windows Authentication,... http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1267#1267 Author: Linguinut
Subject: 446
Posted: 21-Sep-2007 at 9:40am

Yes, I am using Windows Authentication, but the roles have to come from somewhere.  The GetUserRoles method is where you would do that.  I am guessing that your roles are stored in the database.  You would set up the script to retrieve the assigned roles as a string collection from your table for the user.  Not sure if this actually helps you (I hope it does), but I thought I'd throw my 2 cents in.  Btw, I don't think LoginManager is limited to Windows Authentication.]]> Fri, 21 Sep 2007 09:40:21 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1267#1267 [Solved]Role based (Form) Authentication changes : I&#039;ll respond to this tomorrow. Bill... http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1261#1261 Author: Bill Jensen
Subject: 446
Posted: 20-Sep-2007 at 7:33pm

I'll respond to this tomorrow.
 
Bill J.
]]> Thu, 20 Sep 2007 19:33:56 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1261#1261 [Solved]Role based (Form) Authentication changes : From what I understand from your... http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1260#1260 Author: orcities
Subject: 446
Posted: 20-Sep-2007 at 6:26pm

From what I understand from your previous thread; you are using Windows Authentication.
 
I am using form. I need to provide the input.
]]> Thu, 20 Sep 2007 18:26:58 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1260#1260 [Solved]Role based (Form) Authentication changes : Check out the LoginManager of... http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1259#1259 Author: Linguinut
Subject: 446
Posted: 20-Sep-2007 at 5:29pm

Check out the LoginManager of the model project.  I had to implement the GetUserRoles method to get my authentication to work.]]> Thu, 20 Sep 2007 17:29:11 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1259#1259 [Solved]Role based (Form) Authentication changes : I was able to use role based authentication... http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1257#1257 Author: orcities
Subject: 446
Posted: 20-Sep-2007 at 2:43pm

I was able to use role based authentication fairly easily on the last Cabana release. But, it seems that authentication has change from LoginClientCore to a Service.
 
I have created a login form. And need to verify the user. AppAuthentication does Windows authentication. I am trying to figure out how to pass my username and password to the AppAuthenticationService to validate the user.
 
I added another Authenticate(string username, string password). And in my form I attempt, not sure if it is correct, to get the AppAuthenticationService using :

[ServiceDependency]

public IAuthenticationService AuthenticationService { set { mAuthenticationService = value; } }

private IAuthenticationService mAuthenticationService;

But of course it doesn't get my implementation of the service. I see in the ShellApp.cs filwer where it creates the service. But I am probably unsuccessful in getting that service.

Can you guys help?

Edited by orcities - 24-Sep-2007 at 7:55am]]> Thu, 20 Sep 2007 14:43:43 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=446&PID=1257#1257