Solved

How to make a Silverlight app use Windows authentication

Posted on 2011-09-30
4
983 Views
Last Modified: 2012-05-12
I'm trying to get my first SL app to work using Windows authenticaion but I'm not having any luck. I have followed a couple of tutorials but no luck.
I have created a SL Business app and changed the following settings:
In AuthenticationServicec.cs I added RequiresSecureEndpoint
  [EnableClientAccess(RequiresSecureEndpoint = true)]
   public class AuthenticationService : AuthenticationBase<User> { }

In the web.config I changed the Authentication mode to "Windows"

When I try to run on my machine using localhost the app opens and I see authenticating... when there used to be  Login and after about 30 seconds I get an error asking me how I want to debug.
In the error box it says I'm getting An unhandled Exception code 4004
Message: ServiceModel.DomainServices.Client.DomainOperationsException

I tried to publish to my Dev IIS Server and run it from a browser and I get promted to log in but after logging in I get theerror in the SilverlightError.jpg file
Not sure where to go from here, doesn't seem like there is a lot of documentation out there on Windows authentication which really surprises me since it seems like SL is more of a LOB app than anything.
Any help will be greatly appreciated.

 

Syste.ServiceModel.DomainServices.Client.DomainOperationException:
SilverlightError.JPG
0
Comment
Question by:AkAlan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 29

Expert Comment

by:pwindell
ID: 36906356
Silverlight has never (in its history) been able to properly authenticate with a CERN Compliant Web Proxy that requires authentication.

If the Proxy happens to be ISA Server or TMG then you have the option of:

You need Silverlight to be "proxy agnostic" (to be completely unaware that the proxy exists).  The only way to do that is to remove the proxy settings from the Browser.  This will limit the client machine to running as a Firewall Client or a SecureNAT Client.  Since SecureNAT Clients are not capable of authentication,...the only option you have left is the run the machine as a Firewall Client.  The Client machine can also still run as a SecureNAT Client for non-TCP or non-UDP protocols.

If the Proxy is not ISA Server or TMG then you are pretty much screwed.  You will have to have the Proxy allow communication anonymously or you simply will not be able to run it with a proxy.

Save yourself a bunch of trouble,...run as far and as fast from Silverlight as you can.  Go with a Flash Application or a JAVA Application,...however there have been times I have seen Apps based on those have similar trouble.
0
 
LVL 6

Accepted Solution

by:
AkAlan earned 0 total points
ID: 36907008
Not sure what CERN is but I was able to get my application to authenticate.
Default web.config settings point the membership and role providers to be SQL based, not Windows. Had to change the settings like this:

<authentication mode="Windows">
      <!--<forms name=".D008_ASPXAUTH" timeout="2880" />-->
    </authentication>

      <membership defaultProvider="ADMembershipProvider">
          <providers>
              <add name="ADMembershipProvider" applicationName="/" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" connectionProtection="Secure"/>
          </providers>
      </membership>

    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
      <providers>
        <clear />
        <!--<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />-->
        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
      </providers>
    </roleManager>
    <profile enabled ="false">
      <!--<providers>
        <clear />
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
      </providers>
      <properties>
        <add name="FriendlyName" />
      </properties>-->
    </profile>

Open in new window

0
 
LVL 6

Author Closing Comment

by:AkAlan
ID: 36935312
Was able to solve my issue with MS help.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 36910513
Ok, sounds good.

I don't remember what "CERN" stands for,...I think the "E" is European but I don't remember the rest.  But there are standards that a "web proxy" should follow and it is a reference to that.
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
A hard and fast method for reducing Active Directory Administrators members.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question