More on Integrating Silverlight with ASP.NET membership authentication

Ok, so strictly this should be entitled Integrating Web Services and ASP.NET membership authentication but it’s from a Silverlight client hence the title. So in my previous post I provided a link to a great article explaining how to get a Silverlight client to use ASP.NET membership features. The next step for me was how to a write a web service that will only allow calls from a Silverlight user who has signed in. Here is how I did it;

Assuming you have followed the previous post and now have a Silverlight client that can authenticate users via the membership providers then the next step is to write your web services.

1. Create Service
Although you can as a web service to the current ASP.NET site it’s probably more likely that you’ll want a separate web service project so Add->New Project->Web Service. If you’re using the default templates then you should see a HelloWorld web method created for you.

        [WebMethod]

        public string HelloWorld()

        {

            return "Hello World";

        }

2. Connect the Service to the same Membership database
As I mentioned in my previous post, you’re better off providing your own connection string for the membership store, so now you’ve created a new site you have to add the same connection string to the web service, something like;

  <connectionStrings>

    <remove name="LocalSqlServer"/>

    <add name="LocalSqlServer" connectionString="Data Source=.\MySQLServer;Initial Catalog=aspnetdb;Integrated Security=True" providerName="System.Data.SqlClient"/>

  </connectionStrings>


3. Add a reference from your Silverlight client to the service
In the Silverlight project Add Service Reference and press discover. If your service doesn’t show make sure you’ve built the project, VS sometimes won’t spot the new project until it has been built.

4. Add the code to call your service
Nothing special here except you may want to catch exceptions because the user isn’t authenticated (forgive the rubbish use of Execption here);

        private void TestService_Click(object sender, RoutedEventArgs e)

        {

            ServiceReference1.Service1SoapClient testService = new ApplicationServicesDemo.ServiceReference1.Service1SoapClient();

            testService.HelloWorldCompleted += new EventHandler<ApplicationServicesDemo.ServiceReference1.HelloWorldCompletedEventArgs>(testService_HelloWorldCompleted);

            testService.HelloWorldAsync();

        }

 

        void testService_HelloWorldCompleted(object sender, ApplicationServicesDemo.ServiceReference1.HelloWorldCompletedEventArgs e)

        {

            try

            {

                TestService.Content = "Test -" + e.Result;

            }

            catch (Exception)

            {

                TestService.Content = "Please sign in";

            }         

        }

To handle the exception correctly you need to delve into the inner exception but hopefully you get the idea.
5. Secure the web method
The easiest way to secure the method is to add a System.Security.Permissions attribute to the method;

        [WebMethod]

        [PrincipalPermission(SecurityAction.Demand, Authenticated = true)]

        public string HelloWorld()

        {

            return "Hello World";

        }

There you have it. One "secure" web service. If your user is authenticated via membership then they’ll have access, if they don’t then the service will tell a white lie and say the service doesn’t exist.

Advertisements
This entry was posted in Silverlight. Bookmark the permalink.

3 Responses to More on Integrating Silverlight with ASP.NET membership authentication

  1. Jonas Garcia says:

    hi Pauliom, i wanna know which was your previous post about integrating Asp.Net Membership on Silverlight app …it would be helpfull thx

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s