I am working on a SL application, that uses WCF RIA services. I have to implement a Login Page, along with Auto Logout, if user remains idle for specified amoutn of time. Now since this is my first web based application. Am not sure how to Implement Auto Logout.
check this..
http://forums.silverlight.net/t/220571.aspx/1?Auto%20Logout%20
http://developersvoice.com/silverlight-auto-logout-user-after-10-minutes-of-inactivity.html
Related
I am doing a project in ASP.Net Core and Blazor Server App. There is a particular page or a component which happens to be confidential and hence this page is shown to the clients only after entering a OTP, and eventually, the Admin user requires to view the screen of the client's computer while working on this form.
Can this be implemented (Screen sharing of the remote computer and Viewing by the admin) by using SignalR alone ?
Thanks in advance!
I have 2 different applications, one is in Silverlight and another is a web application.
I need single sign-on for both.
Scenario is like: any user logged-in to the Silverlight application then there is a menu in that app to open the other web application in logged-in mode.
Both applications have different databases but the user name and password are same in both.
I am using the WCF services for the silverlight application.
Can anybody suggest a solution?
In my opinion you should use one DB for keep current session's token for each logged user. In this case isn't important where you logged you will take log-in token from this db.
I'm assuming you are using ASP.NET and Forms/other authentication and the Silverlight app is from the same web server.
first look at this link and the Silverlight Business application template from Visual Studio:http://msdn.microsoft.com/en-us/library/ee942449(v=VS.91).aspx
A more manual approach could include writing a WCF service that returns or sets the "UserToken" that you store in session on a successful login.
// the wcf service needs these attributes
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerSession)]
// a manual approach: successful login, create a webservice method to call from Silverlight to set the authentication
HttpContext.Current.Session.Add("currentUserToken", userToken);
FormsAuthentication.SetAuthCookie(this.EmailAddressUserControl1.EmailAddressTextBox.Text, false);
Forms Authentication will take care of logging you out on ASP.Net requests, but you'll have
to handle session timeouts one service requests yourself.
Context:
There are a few threads here on Stack and on Bing that talk about WCF and session sharing with ASP.NET. None satisfy my issue fully. So here goes:
I have an MVC site which also has a few services in the RouteTable under the path "/services". This all works really nice. I can call Controller actions and WCF service methods both.
I have enabled WIF and Federated Authentication with the Windows Azure Access Control Service (ACS). This also works nicely. I can login using Facebook, Google etc. and a session is clearly established on my site. I can call the MVC controller actions and the WCF methods. Inside the body of those the IPrincipal for the current user is set to my current session.
Now I want to be a good boy and use a custom ClaimsAuthenticationManager and a custom ClaimsAuthorizationManager. A weird problem now occurs:
The setup:
For this scenario I am logged in. I have a session. I can confirm this inside of the method bodies of my MVC controller methods and my WCF service methods. This means we can leave the custom ClaimsAuthenticationManager out of this since it is not being touched when I already have a session.
It's the custom ClaimsAuthorizationManager which causes my headache.
When I make a call to the MVC site I am authenticated with my session inside of the ClaimsAuthorizationManager.CheckAccess method AND also inside of the body of my MVC controller actions. So far so good.
The problem:
When I make a call to the WCF services I am NOT authenticated with my session inside of the ClaimsAuthorizationManager.CheckAccess method but I am authenticated (suddenly) as I hit my breakpoint inside of the WCF service method.
This just does not make any sense! It seems my session is not inflated inside of the ClaimsAuthorization manager but further down the pipeline when I hit my own WCF code the session is in place!
How can this be?
Cheers,
Magnus
It might be the Stackoverflow's problem, but when I copied your config into notepad++ I saw some junk characters in the AuthenticationManager type value:.
As the rest of the question goes, do you have <clear /> element before the elements that you show here?
Basic question here (I think), I was hoping someone could point me in the right direction. I don't know much about WCF but I'd like to create a web service to be called from an ASP.Net MVC application. The goal is to make sure only authorized ASP.Net users (we're using forms authentication) can call the web service, not just anyone. Are there tutorials out there I can look at on how to approach this? Many thanks.
I assume from the question that you don't care what the end (MVC) user ID is that is hitting the WCF service (in other words you don't need a specific authenticated user to hit the WCF so you can get the ID of that specific user (i.e. so you know that joeBobUser hit the WCF)). you just want to make sure that user is authenticated and authorized to use the site. You don't need every potential user of your MVC app to be authenticated/authorized.
As long as that is true, then my approach would be as follows:
run your MVC app as a specific, known user account (i.e. set up the app pool in IIS to runas a domain user such as yourdomain\youMvcAccount) instead of the default asp account. There are lots sites that have instructions on how to make this happen if you are not already running your mvc app as a domain user.
set up your WCF service endpoint configuration binding as WsHttp. Again, many sites describe how to do this. here's one that does it via GUI (I prefer hand-editing the config but whatever). So now your WCF service will only accept secure, authenticated requests
create your WCF client proxy in the MVC app. easiest way to do this (probably not best re: separation of concerns, but just to get started) is just add new web service and discover you WCF endpoint that way. Again, basic stuff easily googable if you don't know how to do that.
Now your MVC app will be making the call to the WCF service authenticated. However, at this point, any client authenticated in your domain can call the service. You are now accepting ONLY authenticated but ANY authorized user. All calls issued from your MVC app hitting the WCF will be from the identity yourDomain\yourMvcApp
Restrict authorization to the identity set in #1 restricting (authorizing) authenticated users can be done a number of ways. The get'r'done fast way (but not very flexible as any change requires recompile) is just to check the identity of the request is the same as the identity of your WCF service directly in your service call. Alternatively, you can set up more robust (with the concurrently more goo) options such as AzMan or other WCF authentication rule sets. Again, many sites have instructions on setting that sort of thing up after you have an authenticated user. Here is a SO question that limits authorization to a windows group post (I'd do it that way--more flexible but you need to add that user to a group on your domain), and another article that goes more into the details of WCF security and allowing only a specific user access to the service.
I have a Silverlight application that on a button opens an aspx page in a new browser window.
I want to pass some username/password details from Silverlight to the aspx page. My understanding is that I should be using WCF services to set the session state, which can then be retrieved from the aspx page.
I have followed what I think are the correct steps, but the aspx page refuses to see the state set by Silverlight.
What I have done is;
Created a WCF service that sets System.Web.HttpContext.Current.Session["Thing"]
On that service, set AspNetCompatibilityRequirements = Required and also set aspNetCompatibilityEnabled="true" on the web.config
My Silverlight application is able to set (and retrieve) session information using this WCF service successfully.
However when I get Session["Thing"] on the aspx page it is blank. Also if I set Session["Thing"] on the aspx page, Silverlight does not get it.
It's as if the two have different sessions - why is this?
Thanks in advance
Matt
Is it possible that the WCF service that your Silverlight client talks to is in a different web app (ie, is there more than one web project)? The default in-proc state provider is really per-appdomain, so if they're in different apps, you'd have two copies of your session state in two appdomains. If this is the case, just move the service code into the same webapp with the pages, and life is good. I can't think of any other explanation- I've done this plenty of times with no trouble.
As far as I can tell, if you open the page in a new browser window, it will create a new session. Your only hope of having the session shared is to create a shared object at the web server level (ugly).
Why don't you just pass the state as a querystring? Or open the page in an HtmlHost link text element withing SL?