Solved

How to make a Silverlight app use Windows authentication

Posted on 2011-09-30
4
965 Views
Last Modified: 2012-05-12
I'm trying to get my first SL app to work using Windows authenticaion but I'm not having any luck. I have followed a couple of tutorials but no luck.
I have created a SL Business app and changed the following settings:
In AuthenticationServicec.cs I added RequiresSecureEndpoint
  [EnableClientAccess(RequiresSecureEndpoint = true)]
   public class AuthenticationService : AuthenticationBase<User> { }

In the web.config I changed the Authentication mode to "Windows"

When I try to run on my machine using localhost the app opens and I see authenticating... when there used to be  Login and after about 30 seconds I get an error asking me how I want to debug.
In the error box it says I'm getting An unhandled Exception code 4004
Message: ServiceModel.DomainServices.Client.DomainOperationsException

I tried to publish to my Dev IIS Server and run it from a browser and I get promted to log in but after logging in I get theerror in the SilverlightError.jpg file
Not sure where to go from here, doesn't seem like there is a lot of documentation out there on Windows authentication which really surprises me since it seems like SL is more of a LOB app than anything.
Any help will be greatly appreciated.

 

Syste.ServiceModel.DomainServices.Client.DomainOperationException:
SilverlightError.JPG
0
Comment
Question by:AkAlan
  • 2
  • 2
4 Comments
 
LVL 29

Expert Comment

by:pwindell
Comment Utility
Silverlight has never (in its history) been able to properly authenticate with a CERN Compliant Web Proxy that requires authentication.

If the Proxy happens to be ISA Server or TMG then you have the option of:

You need Silverlight to be "proxy agnostic" (to be completely unaware that the proxy exists).  The only way to do that is to remove the proxy settings from the Browser.  This will limit the client machine to running as a Firewall Client or a SecureNAT Client.  Since SecureNAT Clients are not capable of authentication,...the only option you have left is the run the machine as a Firewall Client.  The Client machine can also still run as a SecureNAT Client for non-TCP or non-UDP protocols.

If the Proxy is not ISA Server or TMG then you are pretty much screwed.  You will have to have the Proxy allow communication anonymously or you simply will not be able to run it with a proxy.

Save yourself a bunch of trouble,...run as far and as fast from Silverlight as you can.  Go with a Flash Application or a JAVA Application,...however there have been times I have seen Apps based on those have similar trouble.
0
 
LVL 6

Accepted Solution

by:
AkAlan earned 0 total points
Comment Utility
Not sure what CERN is but I was able to get my application to authenticate.
Default web.config settings point the membership and role providers to be SQL based, not Windows. Had to change the settings like this:

<authentication mode="Windows">
      <!--<forms name=".D008_ASPXAUTH" timeout="2880" />-->
    </authentication>

      <membership defaultProvider="ADMembershipProvider">
          <providers>
              <add name="ADMembershipProvider" applicationName="/" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" connectionProtection="Secure"/>
          </providers>
      </membership>

    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
      <providers>
        <clear />
        <!--<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />-->
        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
      </providers>
    </roleManager>
    <profile enabled ="false">
      <!--<providers>
        <clear />
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
      </providers>
      <properties>
        <add name="FriendlyName" />
      </properties>-->
    </profile>

Open in new window

0
 
LVL 6

Author Closing Comment

by:AkAlan
Comment Utility
Was able to solve my issue with MS help.
0
 
LVL 29

Expert Comment

by:pwindell
Comment Utility
Ok, sounds good.

I don't remember what "CERN" stands for,...I think the "E" is European but I don't remember the rest.  But there are standards that a "web proxy" should follow and it is a reference to that.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
Whether you've completed a degree in computer sciences or you're a self-taught programmer, writing your first lines of code in the real world is always a challenge. Here are some of the most common pitfalls for new programmers.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now