
How to use DevForce entities in authentication

Printed From: IdeaBlade
Category: DevForce
Forum Name: DevForce 2010
Forum Description: For .NET 4.0
URL: http://www.ideablade.com/forum/forum_posts.asp?TID=3272
Printed Date: 13-May-2026 at 9:40am


Topic: How to use DevForce entities in authentication
Posted By: alexander
Subject: How to use DevForce entities in authentication
Date Posted: 20-Feb-2012 at 6:16am
I'm attempting to implement my own ASP.NET providers (such as the MembershipProvider) using DevForce entities, but I'm encountering nothing but issues.

If I set "allowAnonymousLogin" to "false" then any attempt to access entities causes an exception, like in this code:
User user = entities.Users.AddIncludePaths( "ParentUser", "UserSetting" ).SingleOrDefault( u => u.Username == username && u.ParentUser != null );
It throws a LoginException with the following message: "The current user is not authorized, and guest access is not allowed."

Help would be appreciated.



Replies:
Posted By: sbelini
Date Posted: 20-Feb-2012 at 1:57pm
Hi Alexander,
 
You need to have anonymous access enabled in IIS; otherwise, you will not be able to access public resources (i.e. login and/or registration).
 
What you could do is to decorate your entities with [RequiresAuthorization] and/or [RequiresRoles] (more on that in the DevForce Resource Center: http://drc.ideablade.com/xwiki/bin/view/Documentation/query-security-attribute).
As an alternative, you could also intercept the query and validate the access to data based on user there.
 
Regards,
   Silvio.


Posted By: alexander
Date Posted: 20-Feb-2012 at 10:38pm
I think you misunderstood my problem. This is not taking place in IIS, this is taking place in Cassini, during Visual Studio development. In any case, the problem is not an IIS problem, but a DevForce problem. "allowAnonymousLogin" is a DevForce setting in web.config.
 
Also, I'm not sure how RequiresAuthorization or RequiresRoles will help. This problem happens DURING authentication, so how would requiring a user to be authorized or in a role help when the user isn't even logged in yet?
 
Query interception? Just to implement a MembershipProvider? That seems just a bit excessive to me...


Posted By: sbelini
Date Posted: 21-Feb-2012 at 11:30am
Hi Alexander,
 
Sorry for the confusion. 
 
AllowAnonymousLogin will determine if guest users can log in to your application to use DevForce services such as query and save. In your scenario, since you are not logged in yet, it obviously won't allow the query.
 
Can you give more details on what you are trying to do?
Why are you trying to query within your login manager? It wouldn't make sense to allow a query from a guest user there if AllowAnonymousLogin is set to true.
 
Silvio.


Posted By: katit
Date Posted: 21-Feb-2012 at 11:45am
I think I know what the problem is.
 
Alexander
 
You need to use your custom LoginManager (inherited from IEntityLoginManager)
 
Inside, you will implement
IPrincipal Login(ILoginCredential credential, EntityManager manager)
 
 
The EntityManager that will be passed there will be a "magic" one that you can use for data access to get permission and check access against the database. Check the documentation on how to write a custom LoginManager.
 
In my application I also use a custom SourceKeyResolver, and there I _had_ to use other means to access data, not DevForce, because I was getting a catch-22 situation.
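
The custom login manager described in the post above, as an added example that is not part of the original thread or of DevForce itself: it uses the EntityManager handed to Login to look up the user and verify the password before any session exists. The PasswordHash, PasswordSalt and RoleNames members on User and the iteration count are hypothetical; LoginException, LoginExceptionType.NoCredentials / InvalidPassword, UserIdentity, UserBase and GetQuery<T>() are written as understood from the DevForce 2010 API and should be checked against its documentation.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Principal;
using IdeaBlade.EntityModel;

// Added example. User is the thread's entity; PasswordHash, PasswordSalt and
// RoleNames are hypothetical members used only for illustration.
public class DbLoginManager : IEntityLoginManager
{
    private const int Iterations = 100000;   // assumed PBKDF2 work factor

    public IPrincipal Login( ILoginCredential credential, EntityManager entityManager )
    {
        if( credential == null )
            throw new LoginException( LoginExceptionType.NoCredentials, "Credentials are required." );

        // The server-supplied EntityManager can query before anyone is logged in,
        // so no guest access (allowAnonymousLogin) is needed for this lookup.
        string name = credential.UserName;
        User user = entityManager.GetQuery<User>().SingleOrDefault( u => u.Username == name );

        // Same exception for an unknown user and a wrong password, so the
        // error message does not say which usernames exist.
        if( user == null || !Verify( credential.Password, user.PasswordSalt, user.PasswordHash ) )
            throw new LoginException( LoginExceptionType.InvalidPassword, "Invalid username or password." );

        var identity = new UserIdentity( user.Username, "Custom", true );
        return new UserBase( identity, user.RoleNames );
    }

    public void Logout( IPrincipal principal, EntityManager entityManager ) { }

    private static bool Verify( string password, byte[] salt, byte[] expected )
    {
        byte[] actual;
        using( var kdf = new Rfc2898DeriveBytes( password ?? "", salt, Iterations ) )
            actual = kdf.GetBytes( expected.Length );

        // Constant-time comparison: no early exit on the first differing byte.
        int diff = 0;
        for( int i = 0; i < expected.Length; i++ )
            diff |= actual[i] ^ expected[i];
        return diff == 0;
    }
}
```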
 
 


Posted By: alexander
Date Posted: 24-Feb-2012 at 12:54am
Katit: You are correct, I ended up having to use that magic EntityManager to get around my issue. I still wanted to use the ASP.NET security and the AspAuthenticatingLoginManager, so what I did was this:

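using System.Security.Principal;   // IPrincipal
using System.Web.Profile;          // ProfileManager
using System.Web.Security;         // Membership, Roles
using IdeaBlade.EntityModel;       // EntityManager, ILoginCredential, IEntityLoginManager
using IdeaBlade.EntityModel.Web;   // assumed namespace of AspAuthenticatingLoginManager

// Re-listing IEntityLoginManager makes interface calls bind to the 'new' methods below.
public class MyAspAuthenticatingLoginManager : AspAuthenticatingLoginManager, IEntityLoginManager
{
    // Hands the EntityManager to the custom ASP.NET providers.
    // Membership.Provider, Roles.Provider and ProfileManager.Provider are
    // application-wide instances, so this assignment is visible to every request.
    private static void SetProviderEntityManager( EntityManager entityManager )
    {
        MyMembershipProvider membershipProvider = Membership.Provider as MyMembershipProvider;
        if( membershipProvider != null )
            membershipProvider.AuthenticatedEntityManager = entityManager;

        MyRoleProvider roleProvider = Roles.Provider as MyRoleProvider;
        if( roleProvider != null )
            roleProvider.AuthenticatedEntityManager = entityManager;

        MyProfileProvider profileProvider = ProfileManager.Provider as MyProfileProvider;
        if( profileProvider != null )
            profileProvider.AuthenticatedEntityManager = entityManager;
    }

    // 'new' hides the base-class Login; the providers get the EntityManager first.
    public new IPrincipal Login( ILoginCredential credential, EntityManager entityManager )
    {
        SetProviderEntityManager( entityManager );

        return base.Login( credential, entityManager );
    }

    // 'new' hides the base-class Logout in the same way.
    public new void Logout( IPrincipal principal, EntityManager entityManager )
    {
        SetProviderEntityManager( entityManager );

        base.Logout( principal, entityManager );
    }
}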

As you can see, I'm passing the magic entityManager over to my custom ASP.NET Provider classes before I let the AspAuthenticatingLoginManager do its thing.


Posted By: katit
Date Posted: 24-Feb-2012 at 4:48am
In my experience MembershipProvider will only take you that far. Testability - 0
I ended up writing my own MembershipService, but I needed some specific stuff


Posted By: alexander
Date Posted: 29-Feb-2012 at 2:07am
Well, as soon as one problem is solved, another one pops up.

When using the WCF Authentication Service, after configuring it properly, you simply make a call in the client app, like so:
if( System.Web.Security.Membership.ValidateUser( "alexander", "password" ) )
{
    Content = "LOGGED IN";
}
else
{
    Content = "DIDN'T LOG IN";
}
which magically ends up calling the ValidateUser method on the MembershipProvider on the server. As you can see from my implementation above, my MembershipProvider requires the magic EntityManager that gets supplied by the IEntityLoginManager. When using the WCF Authentication Service, the IEntityLoginManager is bypassed, and the call to ValidateUser is direct, which means that my "AuthenticatedEntityManager" property is null.

Is there something I can do to acquire that "magic" EntityManager in some other way or otherwise get around the whole Entity authentication issue some other way? All these obstacles I keep running into are getting just a smidgen annoying...


Posted By: katit
Date Posted: 29-Feb-2012 at 8:56am
This is why the membership provider is not good.
 
Don't use it like this if you want to use DevForce for data access.
 
You can simply say
var myEntityManager = new AppEntityManager();
myEntityManager.Login();
 
And then inspect how that went.
 
Basically, if you ARE using DevForce for data access - start with EntityManager everywhere.
 
 


