Silverlight 4 - authentiation / authorization against custom wcf service
I have a wcf service in front of an AzMan store that passes roles and operations to clients using the following interface:
[OperationContract]
bool AuthenticateUser(string password, string appName);
[OperationContract]
string[] GetRoles(string storelocation, string appName);
[OperationContract]
string[] GetOperations(string storeLocation, string appName, string selectedRole);
Clients connect to this service using windows authentication (but users must send their password thr开发者_StackOverflow社区ough to reaffirm their identity). Ultimately the service delivers an array of operations that each client can perform based on their selected role.
I've opened a new Silverlight Business Application and tried to understand how authentication/authorization works in this template, as well as scoured the web to find examples to how to hook my webservice to the login box already created in the template, but I am completely at a loss as how to do this!
Can anyone offer any advice?
The Business application template has an AuthenticationService, that is based on the User object and the AuthenticationBase class. AuthenticationBase has virtual methods that you can override to use your own security mechanisms.
For example, there is a Login method, based on a username and a password. This method returns a IUser that has a name and roles.
After looking at your interface, I'd create a sub-interface of IUser to include the list of allowed operations and change the generated User class to implement this sub-interface. And I'd override the Login and related methods in AuthenticationService to use your existing Azman-based code.
精彩评论