Performing Authentication

Topics: CAB & Smart Client Software Factory
Oct 26, 2005 at 7:22 AM
originally posted by: JohnReynolds11

Ok, I figured out how to filter the modules by the roles that have been defined within the principal.

I'm good with physically authenticating a set of credentials and building the identity and the principal.

I just now need the assistence at knowing where and how to integrate this in to the startup process.

<?xml version="1.0" encoding="utf-8" ?>
<SolutionProfiles xmlns="http://schemas.microsoft.com/pag/cab-profile"
DefaultProfile="MyShell">
<SolutionProfile Name="MyShell">
<Description>Module used by the ShellApplication example</Description>
<Modules>
<ModuleInfo AssemblyFile="MyModule.dll">
<Roles>
<Role Allow="Tester" />
</Roles>
</ModuleInfo>
</Modules>
</SolutionProfile>
</SolutionProfiles>
Oct 26, 2005 at 7:27 AM
originally posted by: wanderer1

Hi,
From your comments above, I take it that you are using CAB 2 in a web application. Is that correct?

If you are, then are you using user controls as smartitems?
If you could give some explanation on your design approach for the web application , I would appreciate it.

Thanks
Oct 26, 2005 at 8:12 AM
originally posted by: JohnReynolds11

We have a couple of goals we would like to achieve in a 32bit app:

1. Override the default Authentication module
2. Pop-up to prompt for the user / password
3. Only load modules that the user is authorized to use
(In priority order of need)

Can you give some advice on how to do this. Do I need to override the run method to control the order and activities?

Can someone share some ideas, as I don't want to go down the wrong path.
Oct 26, 2005 at 8:15 AM
originally posted by: JohnReynolds11

My bad, it's a 32 bit application that I am working on, not a web app.

I'm trying to figure out how to do just a basic username password prompt, and then use that to authenticate (overriding the default IAauthenticationService) with the user name and password.

Then when the modules get loaded, they would be filtered by the roles I defined in the principal object.

I'm just struggling because the WorkItems are not really invoded before the authentication needs to happen.

So, I'm baffled on where to prompt for the user name password, and how to correctly override this IAuthenticateService. It allows me to define a single authenticate that takes no parms and returns void. Is this the wrong service to be overriding?

How can I get the authentication to happen before the load modules?

public void Run()
{
RegisterUnhandledExceptionHandler();
Builder builder = CreateBuilder();
AddBuilderStrategies(builder);
CreateRootWorkItem(builder);
AddRequiredServices();
AddConfiguredServices();
AddServices();
AuthenticateUser();
ProcessShellAssembly();
rootWorkItem.BuildUpYourself();
LoadModules();

rootWorkItem.Run();
Start();

rootWorkItem.Dispose();
Oct 26, 2005 at 8:38 AM
originally posted by: BradWilsonMSFT

Nope, you're on the right path.

Replace the IAuthenticationService with your own. If you fail, then throw an exception (which you can catch out in Main, so that it doesn't bubble up as an unhandled exception). You can look at what we do in our authentication service as an example of setting the principal on the thread, if that's what you want to have done at the end. Some of our unit tests around the authentication service also may offer some help here.
Oct 26, 2005 at 8:53 AM
originally posted by: JohnReynolds11

We've used the app.config to load the service for the authentication.
We then had that class that is based on the IAuthenticationService, pop-up a logon/password dialog, to get the user credentials.

We'll use that to do the authentication, and then allow us to dynamically load the modules.

We plan to actually code the authentication service to use a web service call to a web service, that will then actually do the authentication with a legacy server (Java). We'll return a token then to the web service proxy and then add that to the headers going forward. We'll then probably create a security context and store that out on the cab's glocal application context so that as we load other services, that they can access the shared token to access the back end web services..

Still sound like were on the right path around this? (Short of the java backend piece)

Also here was the app config to override the service on startup:

<configSections>

<section name="CompositeUI" type="Microsoft.Practices.CompositeUI.Configuration.SettingsSection, Microsoft.Practices.CompositeUI" allowExeDefinition="MachineToLocalUser" />

<section name="enterpriselibrary.configurationSettings" type="System.Configuration.IgnoreSectionHandler, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />

</configSections>

<CompositeUI>

<services>

<add serviceType="Company.AppName.Platform.Interfaces.IAuthentication, Platform" instanceType="Company.AppName.Security.AuthenticationAgent.AuthenticationAgent, AuthenticationAgent">

</add>

</services>

</CompositeUI>
Oct 26, 2005 at 9:01 AM
originally posted by: BradWilsonMSFT

Yep, all aounds good!