Solved

How to make a Silverlight app use Windows authentication

Posted on 2011-09-30
4
972 Views
Last Modified: 2012-05-12
I'm trying to get my first SL app to work using Windows authenticaion but I'm not having any luck. I have followed a couple of tutorials but no luck.
I have created a SL Business app and changed the following settings:
In AuthenticationServicec.cs I added RequiresSecureEndpoint
  [EnableClientAccess(RequiresSecureEndpoint = true)]
   public class AuthenticationService : AuthenticationBase<User> { }

In the web.config I changed the Authentication mode to "Windows"

When I try to run on my machine using localhost the app opens and I see authenticating... when there used to be  Login and after about 30 seconds I get an error asking me how I want to debug.
In the error box it says I'm getting An unhandled Exception code 4004
Message: ServiceModel.DomainServices.Client.DomainOperationsException

I tried to publish to my Dev IIS Server and run it from a browser and I get promted to log in but after logging in I get theerror in the SilverlightError.jpg file
Not sure where to go from here, doesn't seem like there is a lot of documentation out there on Windows authentication which really surprises me since it seems like SL is more of a LOB app than anything.
Any help will be greatly appreciated.

 

Syste.ServiceModel.DomainServices.Client.DomainOperationException:
SilverlightError.JPG
0
Comment
Question by:AkAlan
  • 2
  • 2
4 Comments
 
LVL 29

Expert Comment

by:pwindell
ID: 36906356
Silverlight has never (in its history) been able to properly authenticate with a CERN Compliant Web Proxy that requires authentication.

If the Proxy happens to be ISA Server or TMG then you have the option of:

You need Silverlight to be "proxy agnostic" (to be completely unaware that the proxy exists).  The only way to do that is to remove the proxy settings from the Browser.  This will limit the client machine to running as a Firewall Client or a SecureNAT Client.  Since SecureNAT Clients are not capable of authentication,...the only option you have left is the run the machine as a Firewall Client.  The Client machine can also still run as a SecureNAT Client for non-TCP or non-UDP protocols.

If the Proxy is not ISA Server or TMG then you are pretty much screwed.  You will have to have the Proxy allow communication anonymously or you simply will not be able to run it with a proxy.

Save yourself a bunch of trouble,...run as far and as fast from Silverlight as you can.  Go with a Flash Application or a JAVA Application,...however there have been times I have seen Apps based on those have similar trouble.
0
 
LVL 6

Accepted Solution

by:
AkAlan earned 0 total points
ID: 36907008
Not sure what CERN is but I was able to get my application to authenticate.
Default web.config settings point the membership and role providers to be SQL based, not Windows. Had to change the settings like this:

<authentication mode="Windows">
      <!--<forms name=".D008_ASPXAUTH" timeout="2880" />-->
    </authentication>

      <membership defaultProvider="ADMembershipProvider">
          <providers>
              <add name="ADMembershipProvider" applicationName="/" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" connectionProtection="Secure"/>
          </providers>
      </membership>

    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
      <providers>
        <clear />
        <!--<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />-->
        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
      </providers>
    </roleManager>
    <profile enabled ="false">
      <!--<providers>
        <clear />
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
      </providers>
      <properties>
        <add name="FriendlyName" />
      </properties>-->
    </profile>

Open in new window

0
 
LVL 6

Author Closing Comment

by:AkAlan
ID: 36935312
Was able to solve my issue with MS help.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 36910513
Ok, sounds good.

I don't remember what "CERN" stands for,...I think the "E" is European but I don't remember the rest.  But there are standards that a "web proxy" should follow and it is a reference to that.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A theme is a collection of property settings that allow you to define the look of pages and controls, and then apply the look consistently across pages in an application. Themes can be made up of a set of elements: skins, style sheets, images, and o…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question