I am currently developing a Silverlight 3 app that needs some sort of user authentication, because the data pulled from a WCF service is user specific. Target audience is the regular Internet - so there is no AD to authenticate against.
Here are some of the questions I have concerning that situation:
- Is there a framework or other mechanism that would support me?
- Would you recommend authentication within the Silverlight app or via outside mechanisms like forms auth? Which is more secure?
- What about out-of-browser support?
I used ASP.NET's authentication. Just use a MembershipProvider (or implement your own). Then go to http://www.silverlightshow.net/items/Accessing-the-ASP.NET-Authentication-Profile-and-Role-Service-in-Silverlight.aspx to check out how you can expose the authentication service.
Then in your WCF service, you do the following (hosted in ASP):
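    using System.Security;
    using System.ServiceModel.Activation;
    using System.Web;
    using System.Web.Security;

    // HttpContext.Current is only populated when the service runs in
    // ASP.NET compatibility mode (aspNetCompatibilityEnabled="true" in web.config).
    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
    public class MyWCFService : IMyWCFService
    {
        // retrieve your UserId from the MembershipProvider
        // (the cast assumes the provider uses an int as its user key)
        private int GetUserId()
        {
            MembershipUser user = Membership.GetUser();
            int userId = (int)user.ProviderUserKey;
            return userId;
        }

        // check if user is authenticated
        private bool IsUserAuthenticated()
        {
            return HttpContext.Current.User.Identity.IsAuthenticated;
        }

        public void Subscribe()
        {
            // reject the call before touching any user-specific data
            if (!IsUserAuthenticated())
            {
                throw new SecurityException("You must be authenticated to be able to use this service.");
            }

            int userId = GetUserId();
            DoStuff(userId); // placeholder for the user-specific work
        }
    }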
Hope that helps.
I would consider using the authentication classes that exist in ASP.NET. You can then use .NET RIA Services (or even simply, WCF) to communicate with the authentication service.
Source: https://stackoverflow.com/questions/1116271/silverlight-user-authentication