RIA Services: How can I create custom authentication?

Question

Hello,

I am working with the Silverlight RIA Services and I want to create custom authentication. This appears to be the only thing that has virtually no documentation (I've read through the entire RIAServicesOverview.docx).

Do you know of a way for me to create a customer authentication service? I don't want to use the default ASP.NET membership model. I don't know what interface or abstract class I need to implement - although I did find System.Web.Ria.ApplicationServices.IAuthentication.

Do I need to implement IAuthentication? If so, could you give me some advice on how to go about doing so? These are the following methods:

    public User GetUser();

    public User Login(string userName, string password, bool isPersistent, string customData);

    public User Logout();

    public void UpdateUser(User user);

I don't know how I would implement any of these (except for Login) - how could the service possibly know what user is currently logged in in order for Logout() to work?

I've been scouring the web in search of how to do this for hours, and I can't find anything that describes how to create a simple DomainService that can be used for authenticating a user in an "RIA-linked" Silverlight project.

If someone could shed some light on this, I'd be sincerely grateful.

Thanks,
Charles

[EDIT]
I found the RIA Services page on the MSDN Code Gallery. There's a section called Authentication Samples, which links to some great code samples. Check it out if you want to know more about how authentication works within RIA Services.

Answer 1

If you create a "Silverlight Business Application" you'll see how the template implements authentication. (Or just go here and download the template sample project.)

To simplify, here's the process I used:

First, I create a domain service (FooService) that derives from LinqToEntitiesDomainService where FooContext is my entity model. In it I add all the CRUD operations to access my custom DB table and return user profiles.

Next, create a concrete User class on the serverside by deriving from UserBase:

using System.Web.Ria;
using System.Web.Ria.ApplicationServices;

public class User : UserBase
{}

Finally, derive a class from AuthenticationBase and implement the following four methods:

[EnableClientAccess]
public class AuthenticationService : AuthenticationBase<User>
{
    private FooService _service = new FooService();

    protected override bool ValidateUser(string username, string password)
    {
        // Code here that tests only if the password is valid for the given
        // username using your custom DB calls via the domain service you
        // implemented above
    }

    protected override User GetAuthenticatedUser(IPrincipal pricipal)
    {
        // principal.Identity.Name will be the username for the user
        // you're trying to authenticate. Here's one way to implement
        // this:
        User user = null;
        if (this._service.DoesUserExist(principal.Identity.Name)) // DoesUserExist() is a call
                                                                  // added in my domain service
        {
            // UserProfile is an entity in my DB
            UserProfile profile = this._service.GetUserProfile(principal.Identity.Name);
            user.Name = profile.UserName;
            user.AuthenticationType = principal.Identity.AuthenticationType;
        }
        return user;
    }

    public override void Initialize(DomainServiceContext context)
    {
        this._service.Initialize(context);
        base.Initialize(context);
    }

    protected override void Dispose(bool disposing)
    {
        if (disposing)
            this._service.Dispose();
        base.Dispose(disposing);
    }
}

Answer 2

hi! I´m trying to do authentification from a users table i allready have in other DB.

I´m new to this SilverLight worl so could you please explain in more detail this process. Thakx...

Answer 3

Hi Nick Gotch. I also wanna do same thing as u. But I cannot implement FooService and FooContext for my Oracle DB. Can u explain that in detail ?

Thanx. Aziz.

Answer 4

Hi, i am Salvador Vidal. I want the same custom autentication With my database, i generate a EntityDataModel and his service with the entities "usuarios", "roles", etc.. well

Now i create a AuthenticationDomainService1 like this:

---

[EnableClientAccess]
public class AuthenticationDomainService1 : AuthenticationBase<User>
{
    // To enable Forms/Windows Authentication for the Web Application, 
    // edit the appropriate section of web.config file.
    //public override LoginOperation Login(LoginParameters parameters);
    //{
    //}
}

public class User : UserBase
{
    // NOTE: Profile properties can be added here 
    // To enable profiles, edit the appropriate section of web.config file.

    // public string MyProfileProperty { get; set; }
}

---

In this code, vs2010 create de class User that EntityObjectfrom UserBase. But i have my class usuarios that EntityObject from EntityObject. I need to replace user by usuarios , how...the inherit? that it's the correct way?

Can someone help me?

Answer 5

How About implementing IAuthorization interface?