I am currently developing a Silverlight 3 app that needs some sort of user authentication, because the data pulled from a WCF service is user specific. Target audience is the regular Internet - so there is no AD to authenticate against.

Here are some of the questions I have concerning that situation:

  • Is there a framework or other mechanism that would support me?
  • Would you recommend authentication within the Silverlight app or via outside mechanisms like forms auth? Which is more secure?
  • What about out-of-browser support?
+2  A: 

I would consider using the authentication classes that exist in ASP.NET. You can then use .NET RIA Services (or even simply, WCF) to communicate with the authentication service.

Consider this article as a primer.

billb
Do you have experience with this solution?
Tobias Hertkorn
Yes. I used SL3 and .NET RIA Services. It's a proof of concept application that I'm working on, but I can create and log users in remotely.
billb
+1  A: 

I used ASP.NET's authentication. Just use a MembershipProvider (or implement your own). Then go to http://www.silverlightshow.net/items/Accessing-the-ASP.NET-Authentication-Profile-and-Role-Service-in-Silverlight.aspx to check out how you can expose the authentication service.

Then in your WCF service, you do the following (hosted in ASP):

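using System.Security;
using System.ServiceModel.Activation;
using System.Web;
using System.Web.Security;

// HttpContext.Current is only populated when the service runs in ASP.NET
// compatibility mode (aspNetCompatibilityEnabled="true" in web.config).
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class MyWCFService : IMyWCFService
{
    // Retrieve your UserId from the MembershipProvider.
    private int GetUserId()
    {
        MembershipUser user = Membership.GetUser();
        if (user == null)
        {
            throw new SecurityException("No membership record for the current user.");
        }

        // The cast assumes a provider whose ProviderUserKey is an int
        // (SqlMembershipProvider, for example, uses a Guid instead).
        return (int)user.ProviderUserKey;
    }

    // Check if the user is authenticated.
    private bool IsUserAuthenticated()
    {
        HttpContext context = HttpContext.Current;
        return context != null
            && context.User != null
            && context.User.Identity.IsAuthenticated;
    }

    public void Subscribe()
    {
        if (!IsUserAuthenticated())
        {
            throw new SecurityException("You must be authenticated to be able to use this service.");
        }

        int userId = GetUserId();
        DoStuff(userId); // DoStuff stands for the user-specific work
    }
}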

Hope that helps.

R4cOON
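
The server-side configuration that the second answer's approach depends on, as an added example that is not part of the original answers. It assumes the site is served over HTTPS and that the `system.web.extensions` section group is already declared (as in the default ASP.NET 3.5 web.config); the binding name `httpsOnly` is a hypothetical label.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- requireSSL defaults to false; set it so the forms ticket
           cookie is never sent over plain HTTP. -->
      <forms requireSSL="true" cookieless="UseCookies"
             timeout="30" slidingExpiration="true" />
    </authentication>
  </system.web>

  <system.web.extensions>
    <scripting>
      <webServices>
        <!-- The authentication service is disabled by default. Enabling it
             with requireSSL="true" keeps the ticket it issues on HTTPS only. -->
        <authenticationService enabled="true" requireSSL="true" />
      </webServices>
    </scripting>
  </system.web.extensions>

  <system.serviceModel>
    <!-- Needed so HttpContext.Current and Membership.GetUser() work inside
         the WCF service that checks IsAuthenticated. -->
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />

    <bindings>
      <basicHttpBinding>
        <!-- "httpsOnly" is a hypothetical name. Transport security means
             credentials passed to Login() travel over TLS. -->
        <binding name="httpsOnly">
          <security mode="Transport" />
        </binding>
      </basicHttpBinding>
    </bindings>

    <services>
      <service name="System.Web.ApplicationServices.AuthenticationService">
        <endpoint address=""
                  binding="basicHttpBinding"
                  bindingConfiguration="httpsOnly"
                  bindingNamespace="http://asp.net/ApplicationServices/v200"
                  contract="System.Web.ApplicationServices.AuthenticationService" />
      </service>
    </services>
  </system.serviceModel>
</configuration>
```

The user-specific WCF service should be bound to the same HTTPS-only binding, since every call to it carries the authentication cookie.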