
Calling LoginAsync to validate a user

Printed From: IdeaBlade
Category: DevForce
Forum Name: DevForce 2009
Forum Description: For .NET 3.5
URL: http://www.ideablade.com/forum/forum_posts.asp?TID=1307
Printed Date: 29-Apr-2025 at 4:49pm


Topic: Calling LoginAsync to validate a user
Posted By: jsobell
Date Posted: 07-Jun-2009 at 3:56am
We've been trying to use the IEntityLoginManager interface to validate users but have found some confusing (to us) behaviour.
When a user attempts to log in but the IEntityLoginManager decides they are invalid, we return null as the IPrincipal. This is reflected correctly at the client end, but all subsequent calls to LoginAsync bypass the server call, presumably because they have decided that the client (not user) is already logged in.
I've seen it mentioned that instead of returning null we should throw an exception, but this makes automated testing very messy, and throwing exceptions is a very expensive way of returning a fail condition.
Why does the call to LoginAsync not resend the request if the user in the current session's IPrincipal is unauthenticated? This blending of the concepts of client 'logged in' and user 'logged in' is quite strange, and makes the logic in the SL client cumbersome and confusing.

How exactly is the SL client supposed to handle this process? An example showing a failed attempt followed by a successful one would be very helpful.

Cheers,
 Jason



Replies:
Posted By: kimj
Date Posted: 08-Jun-2009 at 12:02pm
A couple of issues here -
 
1) LoginAsync (and Login) currently always check if the client (user) is logged in, and if so don't attempt to log in again.  This check looks at the internal token representing the client session and not at the actual user credentials.
 
2) Client vs. user login - You're right that we do couple these and probably should not.  We also assume that a failed login results in a LoginException, otherwise the login is considered successful.  I'll open a feature request to see what we can do to break the linkage between the internal token used for a client session vs. the authentication logic of a user login.
 
For now, if you can't throw a LoginException then you'll first need to call LogoutAsync when the user fails authentication prior to attempting another login.
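
The behaviour described in the reply above, as an added example that is not part of the thread and is not DevForce code: a stand-alone C# model in which `ModelClient`, `Validate` and the sample credentials are hypothetical. It walks through a failed attempt that returns a null principal, a retry that never reaches the server, and the logout-then-login workaround.

```csharp
using System;
using System.Security.Principal;

// Hypothetical model of the behaviour described in this thread; not DevForce code.
class ModelClient
{
    private readonly Func<string, string, IPrincipal> _serverLogin; // stands in for the server-side login manager
    private bool _hasSessionToken;   // models the internal client-session token
    public IPrincipal Principal { get; private set; }
    public int ServerCalls { get; private set; }

    public ModelClient(Func<string, string, IPrincipal> serverLogin) { _serverLogin = serverLogin; }

    // Mirrors the described check: the token is consulted, not the user's credentials.
    public void Login(string user, string password)
    {
        if (_hasSessionToken) return;             // "already logged in": the server is never asked
        ServerCalls++;
        Principal = _serverLogin(user, password); // an exception thrown here leaves the token unset
        _hasSessionToken = true;                  // set even when the returned principal is null
    }

    public void Logout() { _hasSessionToken = false; Principal = null; }

    // What client code should gate on: an authenticated identity, not the session flag.
    public bool UserIsAuthenticated =>
        Principal?.Identity != null && Principal.Identity.IsAuthenticated;
}

static class Demo
{
    // Constructed credential check, for this demo only.
    static IPrincipal Validate(string user, string password) =>
        user == "alice" && password == "correct-horse"
            ? new GenericPrincipal(new GenericIdentity(user), new string[0])
            : null;

    static void Main()
    {
        var client = new ModelClient(Validate);
        client.Login("alice", "wrong");          // reaches the server, null principal comes back
        client.Login("alice", "correct-horse");  // skipped because the session token is already set
        Console.WriteLine($"server calls={client.ServerCalls}, authenticated={client.UserIsAuthenticated}");

        client.Logout();                         // the workaround from the reply
        client.Login("alice", "correct-horse");  // reaches the server again
        Console.WriteLine($"server calls={client.ServerCalls}, authenticated={client.UserIsAuthenticated}");
    }
}
```

In the model, a `Validate` that throws on bad credentials instead of returning null never sets the token, so the retry goes through without an explicit logout.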
 
 


