Authentication in Silverlight using WCF and ASP.NET Membership Provider
Posted by: Mahesh Sabnis
in Category Silverlight 2, 3, 4 and 5
Abstract: WCF provides many benefits for developing secure, scalable distributed applications. One of the nice features of WCF service security is its integration with the ASP.NET Membership provider. Using this provider, a caller can be authenticated by the WCF service against the user credentials stored in the SQL Server ASPNETDB database. In this article, we will see how a Silverlight client caller can be authenticated against the WCF service using this membership provider.
Recently, while conducting a training for my clients for ASP.NET and Silverlight 4.0, one of my participants asked me a question regarding integration between WCF services, ASP.NET Membership provider and authenticating the Silverlight client caller against the WCF service using this membership provider, instead of creating any other custom authentication class. It was a great question and I thought of sharing the solution through this article. Make sure you read my recently published article on Silverlight 4.0 - Secure Communication to WCF service using Custom User Name and Password Validator.
Creating WCF Service with Custom Binding and SSL
Step 1: Open VS2010 and create a blank solution named ‘SILV4_ASPNETMembershipProvider_WCF’. In this solution, add a WCF service application and name it ‘WCF_SecureService’.
Step 2: Rename ‘IService1.cs’ to ‘IService.cs’. Add the following code in ‘IService.cs’:
Step 3: Rename ‘Service1.svc’ to ‘Service.svc’ and write the following code in it:
Step 4: Open the web.config file, add the connection string for the database which contains the user credentials, and define the ASP.NET membership provider. Configure this provider in the service behavior so that the WCF service loads this membership provider when verifying the caller. Also use ‘CustomBinding’ with HTTPS transport and set its ‘authenticationMode’ to ‘UserNameOverTransport’ so that the caller has to send the user credentials when making a call to the WCF service. The web.config file is as shown below:
Step 5: Publish the service to IIS in an SSL-enabled (HTTPS transport) pool. The process of creating a Web Site with SSL configuration is explained in one of my previous articles. Test the service.
Step 6: Create users in the ASPNETDB database using the Web Administration tool.
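A web.config along the lines Steps 4 to 6 describe, given here as an added example and not the article's own file. The connection string name `MembershipDb`, the provider name `SqlMembership`, the binding and behavior names, the `WCF_SecureService.Service` class name and the lockout values are assumptions, and the database server is a placeholder.

```xml
<configuration>
  <connectionStrings>
    <!-- Placeholder server: point this at the ASPNETDB database holding the users -->
    <add name="MembershipDb" providerName="System.Data.SqlClient"
         connectionString="Data Source=DB_SERVER_PLACEHOLDER;Initial Catalog=ASPNETDB;Integrated Security=True" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="SqlMembership">
      <providers>
        <clear />
        <!-- Hashed password storage, no retrieval, lockout after repeated failures -->
        <add name="SqlMembership"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="MembershipDb"
             applicationName="/"
             passwordFormat="Hashed" enablePasswordRetrieval="false"
             maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" />
      </providers>
    </membership>
  </system.web>
  <system.serviceModel>
    <bindings>
      <customBinding>
        <!-- Credentials travel inside the message; only HTTPS protects them in transit -->
        <binding name="UserNameOverHttps">
          <security authenticationMode="UserNameOverTransport" />
          <binaryMessageEncoding />
          <httpsTransport />
        </binding>
      </customBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="MembershipAuth">
          <!-- Do not leak server exception details to callers that fail authentication -->
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceCredentials>
            <!-- Validate the caller's user name and password through the membership provider -->
            <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="SqlMembership" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service name="WCF_SecureService.Service" behaviorConfiguration="MembershipAuth">
        <endpoint address="" binding="customBinding" bindingConfiguration="UserNameOverHttps"
                  contract="WCF_SecureService.IService" />
      </service>
    </services>
  </system.serviceModel>
</configuration>
```

With `UserNameOverTransport` the password has no message-level protection of its own, so the endpoint should only ever be reachable over HTTPS with a certificate the Silverlight client trusts.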
Creating Silverlight 4.0 client application
We will now create the Silverlight client application. This application contains the proxy of the WCF service created above.
Step 1: In the solution created above, add a new Silverlight 4.0 application. Name it ‘SIlv4_ClientApp’. Add a service reference to the WCF service and name it ‘MyRef’. The ‘ServiceReferences.ClientConfig’ will be created as shown below:
Note: I have hosted the WCF service on IIS 7.0 on Windows Server 2008 R2. This machine is a domain controller with the name “machine-server.domain.com”.
Step 2: Open MainPage.xaml and add a DataGrid and a Button using drag and drop, as below:
Step 3: In the click event of the button, write the following code:
The above code creates an instance of the WCF service proxy. Using the ‘ClientCredentials.UserName’ property of the proxy, the credentials are passed to the WCF service. If these credentials are present in the ‘aspnet_users’ table of the ‘ASPNETDB’ database, the call will be processed by the WCF service; otherwise, an exception related to a communication error will be thrown.
Step 4: Run the application. If the credentials passed are correct, the following result will be returned:
In case of wrong credentials, the following result will be generated:
Conclusion: The WCF service security integration with the ASP.NET Membership provider is very useful when building Silverlight business applications. This feature reduces the effort of writing a separate custom authentication mechanism for the WCF service to authenticate the client.
The entire source code of this article can be downloaded over here