WCF Ria Services - Active Directory Roles

January 26, 2010 at 9:02 PMdsoltesz

I ran into a issue using wcf ria services with windows authentication and getting the currently logged in users roles.  I followed the steps to enable windows authentication.

1. Change App.xaml to use Windows Authentication (By default the Silverlight Business Application template has Forms Authentication)

<Application.ApplicationLifetimeObjects>
        <app:RiaContext>
            <app:RiaContext.Authentication>
                <!--<appsvc:FormsAuthentication/>-->
                <appsvc:WindowsAuthentication/>
            </app:RiaContext.Authentication>
        </app:RiaContext>
</Application.ApplicationLifetimeObjects>

2. Change Web.config to use Windows Authentication

<!--The <authentication> section enables configuration
    of the security authentication mode used by
    ASP.NET to identify an incoming user.
-->
<authentication mode="Windows"/>

3. Load current user.  In your app.xaml.cs

 // This will automatically authenticate a user when using windows authentication
 RiaContext.Current.Authentication.LoadUser(this.Application_UserLoaded, null);

After the user loaded I then wanted to access the users AD roles. 

/// <summary>
///     Invoked when the <see cref="LoadUserOperation"/> completes. Use this
///     event handler to switch from the "loading UI" you created in
///     <see cref="InitializeRootVisual"/> to the "application UI"
/// </summary>
    private void Application_UserLoaded(LoadUserOperation operation)
        {
           foreach (var r in RiaContext.Current.User.Roles)
            {
                //do something
            }
        }

 However, RiaContext.Current.User.Roles.Count was always zero

I had missed a key step in my configuration that tells your app which role provider to use.

4.  Setup windows role provider in web.config

<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"/>

After adding this setting to my web.config, all of my AD roles now appeared in RiaContext.Current.User.Roles

 

 

Posted in: c# | wcf ria services

Tags: , , ,

Submit to DotNetKicks...
Permalink | Comments (13)

Comments (13) -

Shailesh
United States Shailesh says:

Thank you very much ! defaultProvider gave me hard time

Reply

dan
United States dan says:

Thanks, glad this post was helpful

Reply

kartenlegen per e-mail
Germany kartenlegen per e-mail says:

Admiring the time and effort you put into your blog and detailed information you offer! I will bookmark your blog now. Thumbs up!

Reply

Olly
Caribbean Olly says:

What a really cool  blog!

Reply

Yvan
Canada Yvan says:

Hi Dan,

I was successful do this back in SL3 with RIA preview. I am trying to get it to work in SL4 with WCF Ria 1 and doesn't seem to work.
Any guidance?

Reply

dan
United States dan says:

Try setting in App.cs constructor instead of in xaml

// Create a WebContext and add it to the ApplicationLifetimeObjects            // collection.  This will then be available as WebContext.Current.            WebContext webContext = new WebContext();            webContext.Authentication = new WindowsAuthentication();            ((WindowsAuthentication)webContext.Authentication).DomainContext = new AuthenticationContext();            this.ApplicationLifetimeObjects.Add(webContext);

Reply

fel0niousmonk
United States fel0niousmonk says:

Hi Dan, I have a question regarding the roles and doing some more complicated customization of them.

The application I'm developing requires only that users are a member of a single AD group, but there will be roles defined in a database, specific to this application. (Don't want access to the application dependent on waiting for access change via IT)

What would you recommend for accomplishing this? Just off the top of my head, it would appear that creating a new RoleProvider derived from AspNetWindowsTokenRoleProvider is what I should be doing, but perhaps this is not the case.

Thanks!

Joe

Reply

dan
United States dan says:

If you want to get roles from a database then I would look at creating a custom role provider that derives from SqlRoleProvider which in turn dervices from RoleProvider. Then you would just change your web.config to use your new role provider

<configuration>
  <connectionStrings>
     <add name="MyDB" connectionString="..." />
  </connectionStrings>
  <system.web>
    ... authentication & authorization settings ...

    <roleManager enabled="true"
                 defaultProvider="CustomizedRoleProvider">
      <providers>
         <add name="CustomizedRoleProvider"
              type="System.Web.Security.SqlRoleProvider"
              connectionStringName="MyDB"
              applicationName="/" />
      </providers>
    </roleManager>
  </system.web>
</configuration>

Reply

joe
United States joe says:

If you want to use WindowsAuthentication AND get the roles for the user from the AspNetWindowsTokenRoleProvider, you also need to set the Roles collection on the User object prior to returning.

This is done like so:

return new User {
    FriendlyName = principal.Identity.Name,
    Name = principal.Identity.Name,
    Roles = System.Web.Security.Roles.GetRolesForUser(principal.Identity.Name)
};

Reply

asdfasdf
United States asdfasdf says:

RiaContext is not defined. app:RiaContext is not defined.

Apparently I have to write RiaContext myself. What is it? What does it do? What does it inherit from? Does any documentation exist? If it does, where may it be found?

Reply

asdf
United States asdf says:

Followed your directions:

RiaContext is not defined.
app:RiaContext is not defined.

Apparently I have to write RiaContext myself. What is it? What does it do? What does it inherit from? Does any documentation exist? If it does, where may it be found?

Reply

Osi
United States Osi says:

Ditto here. It looks like this blog have been abandoned?

Reply

dan
United States dan says:

The context object gets created for your when your using ria services.  Start with the silverlight business template.

Reply

Add comment

  Country flag

biuquote
  • Comment
  • Preview
Loading