Client Application Services - Part 2: ASP Alliance

Print Add To Favorites Email To Friend Rate This Article
Client Application Services - Part 2

page 7 of 10

by Bilal Haidar
Feedback

Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 46282/ 115

Article Contents:

Testing the solution

When you first run the application, the Login form will popup asking you to enter your credentials as shown in Figure 4.

Figure 4: Login form

Once you enter your correct credentials, the main form will be displayed with all the data bound to it retrieved from the remote authentication and authorization services as shown below.

Figure 5: Main application form

As you can see, there is a welcome message for the user together with the authentication type which is, in this case, of type ClientForms. Finally, a DataGridView is showing the roles the currently logged in user belongs to.

« (Page 6)

View Entire Article

(Page 8) »

User Comments

Title: Continuing last comment
Name: Krishna Vedula
Date: 2010-04-04 7:22:11 PM
Comment:
Hello Bilal

Looks like there is a limit on the length of the comment. So, here are my details

Krishna Vedula
krishna@ntc-us.com

Title: How to pass the user context back to server
Name: Krishna J Vedul
Date: 2010-04-04 7:21:12 PM
Comment:
Hello Bilal,

Great Series of articles going in depth in to each of the security topics. I found this very helpful. This helped me get a general direction for the project I am working on currently. However, I have come across a road-block in all articles related to Client Application Services across many sites and was not able to get much help in that regard.

What I am trying exactly is to have the same Authentication framework for my Web front-end as well as the Web interface. With Client Application Services, I am able to get that as explained by you clearly. I also get the roles of the user, so I control what to show and what not to show. Great so far.

I am going to the next level, where my Desktop application is connecting back to the same server (that server the authentication as well as web-content) to get some data. Here I have created some facades (aspx) to parse the request data and send the response as XML. I am able to use the same business objects with some custom aspx files for xml transformation. But, I am getting an error in the business layer if I put any security role restrictions.

How do I pass the Thread.CurrentPrincipal.Identity which has all the roles back to through the web request so that the security framework on the server would not throw any execptions.

a) Code I am using to create a request on the client is

HttpWebRequest req = (HttpWebRequest)WebRequest.Create(@"http://localhost:55555/AppServices/GetAdminData.aspx");
req.Method = WebRequestMethods.Http.Post;

b) Security Permissions on the server are like

[PrincipalPermissionAttribute(SecurityAction.Demand, Role="admin")]
public void ProcessRequest()
{

If I could pass all the cookies that come from user authentication back to server as part of the request, then I woudl get over the problem. But with Membership.ValidateUser I do not get any cookies. Then how do I pass them?

The SaveUserSettings seems to send the user

Title: Good Article
Name: Adron
Date: 2008-10-20 12:07:25 AM
Comment:
Good write up. I'm working through multiple scenarios right now with this, so it is interesting to read and helpful.

Thx.