Silverlight 4 Authentication using session variables

This code snippet provide light on implementing the same functionality for my application.  

In my implementation, I need to use the session variable to do the authentication without a log in screen.  
It looks like I can
1.  store the session values in hidden text boxes ?
2. uses the the values to check two database tables?
3. If the user is not authentication, display a message
4. update another table with the attempted login
5. disable navigation to other pages if not authenticated.

Is this possible?  If so, what steps to I take?
Annette Wilson, MSISSr. Programmer AnalystAsked:
Who is Participating?
 
Annette Wilson, MSISSr. Programmer AnalystAuthor Commented:
The requirement for this solution was that I do all of the authentication and authorization in the background and not present the user with a login screen.  

This solution custom.  

1. I used WCF Ria Web Service which allowed me to access the users identity.  
2. Because of the requirements, I used the identity to retrieve additional data regarding the department and role of the user from a database on another server.
3. I used Isolated storage to save the data (user name, ID, Department).
4. For each module within the application that the user accessed, Isolated storage was checked and the user was authorized to see the appropriate data or denied access.
0
 
nmarunCommented:
Here's what I understand of your question (as I don't see the code-snippet you've mentioned)

Your Silverlight application is hosted in an asp.net page. Your asp.net page has a session variable that stores if the user is authenticated or not. Based on this value you want to enable/disable some controls in your SL app.

If I'm not even close, then stop reading.

You need some kind of service (web service or WCF service or RIA service).

Here's a link that talks about using a RIA service:
http://peterkellner.net/2010/01/25/authentication-and-authorization-using-ria-services-article-7-of-7/

Thanks,
Arun
0
 
Annette Wilson, MSISSr. Programmer AnalystAuthor Commented:
Arun,
Thank you for your response.  
I have included the code snippet from the related question.  I do understand that I need an authentication service.  Just don't know how I can get the session info and pass it to login controls so that the without the user having to perform the log in process.

using System;
using System.Collections.Generic;
 
namespace SessionDemo
{
    public static class SessionManager
    {
        private static Dictionary<string, object> session = new Dictionary<string, object>();
 
        public static Dictionary<string, object> Session
        {
            get { return SessionManager.session; }
            set { SessionManager.session = value; }
        }
    }
}
 
 
 
 
SETTING :
 
SessionManager.Session["uname"] = "kunal";
 
 
GETTING :
 
txbUname.Text = SessionManager.Session["uname"].ToString();

Open in new window


0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
nmarunCommented:
Where is this class located - ASP.NET site or the SL application?

Arun
0
 
Annette Wilson, MSISSr. Programmer AnalystAuthor Commented:
The code I posted was from another user's resolved question so I really don't know where the class should be located.  

I just stumbled upon a post that may help.  It looks like I can create a WebContext class on the client in the Silverlight application then pass information from the server to the client.

This session manager class may have to be put on the server side.    

Is it possible to tell me the steps I need to take for my scenario?
http://www.nikhilk.net/RIAServices-Authentication.aspx

First thing I have to figure out is how to configure my Silverlight Application to use the tables I have loaded in the Entity Model for authentication and timestamped login data.  How do I use the ASP.Net Configuration Manager to do this?
0
 
Annette Wilson, MSISSr. Programmer AnalystAuthor Commented:
Due to this company's internal requirements and governance, I could not use the normal authentication services.  Had to create a completely customized authentication and authorization solution.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.