Solved

How to make a Silverlight app use Windows authentication

Posted on 2011-09-30
4
976 Views
Last Modified: 2012-05-12
I'm trying to get my first SL app to work using Windows authenticaion but I'm not having any luck. I have followed a couple of tutorials but no luck.
I have created a SL Business app and changed the following settings:
In AuthenticationServicec.cs I added RequiresSecureEndpoint
  [EnableClientAccess(RequiresSecureEndpoint = true)]
   public class AuthenticationService : AuthenticationBase<User> { }

In the web.config I changed the Authentication mode to "Windows"

When I try to run on my machine using localhost the app opens and I see authenticating... when there used to be  Login and after about 30 seconds I get an error asking me how I want to debug.
In the error box it says I'm getting An unhandled Exception code 4004
Message: ServiceModel.DomainServices.Client.DomainOperationsException

I tried to publish to my Dev IIS Server and run it from a browser and I get promted to log in but after logging in I get theerror in the SilverlightError.jpg file
Not sure where to go from here, doesn't seem like there is a lot of documentation out there on Windows authentication which really surprises me since it seems like SL is more of a LOB app than anything.
Any help will be greatly appreciated.

 

Syste.ServiceModel.DomainServices.Client.DomainOperationException:
SilverlightError.JPG
0
Comment
Question by:AkAlan
  • 2
  • 2
4 Comments
 
LVL 29

Expert Comment

by:pwindell
ID: 36906356
Silverlight has never (in its history) been able to properly authenticate with a CERN Compliant Web Proxy that requires authentication.

If the Proxy happens to be ISA Server or TMG then you have the option of:

You need Silverlight to be "proxy agnostic" (to be completely unaware that the proxy exists).  The only way to do that is to remove the proxy settings from the Browser.  This will limit the client machine to running as a Firewall Client or a SecureNAT Client.  Since SecureNAT Clients are not capable of authentication,...the only option you have left is the run the machine as a Firewall Client.  The Client machine can also still run as a SecureNAT Client for non-TCP or non-UDP protocols.

If the Proxy is not ISA Server or TMG then you are pretty much screwed.  You will have to have the Proxy allow communication anonymously or you simply will not be able to run it with a proxy.

Save yourself a bunch of trouble,...run as far and as fast from Silverlight as you can.  Go with a Flash Application or a JAVA Application,...however there have been times I have seen Apps based on those have similar trouble.
0
 
LVL 6

Accepted Solution

by:
AkAlan earned 0 total points
ID: 36907008
Not sure what CERN is but I was able to get my application to authenticate.
Default web.config settings point the membership and role providers to be SQL based, not Windows. Had to change the settings like this:

<authentication mode="Windows">
      <!--<forms name=".D008_ASPXAUTH" timeout="2880" />-->
    </authentication>

      <membership defaultProvider="ADMembershipProvider">
          <providers>
              <add name="ADMembershipProvider" applicationName="/" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" connectionProtection="Secure"/>
          </providers>
      </membership>

    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
      <providers>
        <clear />
        <!--<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />-->
        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
      </providers>
    </roleManager>
    <profile enabled ="false">
      <!--<providers>
        <clear />
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
      </providers>
      <properties>
        <add name="FriendlyName" />
      </properties>-->
    </profile>

Open in new window

0
 
LVL 6

Author Closing Comment

by:AkAlan
ID: 36935312
Was able to solve my issue with MS help.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 36910513
Ok, sounds good.

I don't remember what "CERN" stands for,...I think the "E" is European but I don't remember the rest.  But there are standards that a "web proxy" should follow and it is a reference to that.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Whether you've completed a degree in computer sciences or you're a self-taught programmer, writing your first lines of code in the real world is always a challenge. Here are some of the most common pitfalls for new programmers.
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question