Authentication in Silverlight using WCF and ASP.NET Membership Provider

Posted by: Mahesh Sabnis, on 12/21/2010, in Category Silverlight 2, 3, 4 and 5
Abstract: WCF has provided many benefits for developing secure, scalable distributed applications. One of the nice features of WCF service security is its integration with ASP.NET Membership provider. Using this provider, a caller can be authenticated by the WCF service against the user credentials stored in the SQL Server ASPNETDB database. In this article, we will see how a Silverlight client caller can be authenticated against the WCF service using this membership provider.


Recently, while conducting a training for my clients for ASP.NET and Silverlight 4.0, one of my participants asked me a question regarding integration between WCF services and the ASP.NET Membership provider, and authenticating the Silverlight client caller against the WCF service using this membership provider instead of creating any other custom authentication class. It was a great question and I thought of sharing the solution through this article. Make sure you read my recently published article on Silverlight 4.0 - Secure Communication to WCF service using Custom User Name and Password Validator.

Creating WCF Service with Custom Binding and SSL

Step 1: Open VS2010 and create a blank solution named ‘SILV4_ASPNETMembershipProvider_WCF’. In this solution, add a WCF service application and name it ‘WCF_SecureService’.

Step 2: Rename ‘IService1.cs’ to ‘IService.cs’. Add the following code in ‘IService.cs’:

WCF IService 

Step 3: Rename ‘Service1.svc’ to ‘Service.svc’ and write the following code in it:

WCF Service Svc 

Step 4: Open the web.config file, add the connection string for the database that contains the user credentials, and define the ASP.NET membership provider. Configure this provider in the service behavior so that the WCF service loads it when verifying the caller. Also use ‘CustomBinding’ with https transport and set its ‘authenticationMode’ to ‘UserNameOverTransport’ so that the caller has to send user credentials when making a call to the WCF service. The web.config file is as shown below:

WCF ASPNET Membership Config 

Step 5: Publish the service to IIS under a web site that has SSL (HTTPS) enabled. The process of creating a Web Site with SSL configuration is explained in one of my previous articles. Test the service.

Step 6: Create users in the ASPNETDB database using the Web Administration tool.

Creating Silverlight 4.0 client application

We will now create the Silverlight client application. This application contains the proxy of the WCF service created above.

Step 1: In the solution created above, add a new Silverlight 4.0 application and name it ‘SIlv4_ClientApp’. Add a service reference to the WCF service and name it ‘MyRef’. The ‘ServiceReferences.ClientConfig’ will be created as shown below:

Service References Client Config 

Note: I have hosted the WCF service on IIS 7.0 on Windows Server 2008 R2. This machine is a domain controller with the name “machine-server.domain.com”.

Step 2: Open MainPage.xaml and add a DataGrid and a Button to it using drag and drop, as below:

Get All Employees 

Step 3: In the click event of the button, write the following code:

WCF Client Credentials Proxy 

The above code defines an instance of the WCF service proxy. The credentials are passed to the WCF service through the ‘ClientCredentials.UserName’ property of the proxy. If these credentials are present in the ‘aspnet_users’ table of the ‘ASPNETDB’ database, the call will be processed by the WCF service; otherwise an exception related to a communication error will be thrown.

Step 4: Run the application. If the credentials passed are correct, the following result will be returned:

Silverlight Get Employees 

In case of wrong credentials, the following result will be generated:

Silverlight Communication Exception 

Conclusion: The WCF service security integration with the ASP.NET Membership provider is very useful while building Silverlight business applications. This feature reduces the effort of writing a separate custom authentication mechanism for the WCF service to authenticate the client.

The entire source code of this article can be downloaded over here



User Feedback
Comment posted by Egil on Tuesday, January 4, 2011 5:30 AM
Hi, Thanks for a great article :-)

I am unable to Add Service Reference in Silverlight to my https address, and I suspect the reason is that when I go to
https://www.gamersworldmap.com/GWMServer/Game.svc
then it says that meta information is available at
https://eweb702.dotnetplayground.com/GWMServer/Game.svc?wsdl

I am not much into SSL but I suspect this strange "alias" thing is the cause of the problem since all works fine on the http installation.

And worse, when I use forms authentication then after a successful login then it seems the authentication cookie is lost or not sent on subsequent service requests.

Your comments on this would be greatly appreciated! Thanks in advance

Best regards
--Egil

Comment posted by Alex on Monday, January 24, 2011 1:10 PM
Thanks for your nice articles on Silverlight and WCF.
From all your samples, you pass username and password hardcoded for each operation. In a real world app, you cannot ask the customer to enter credentials for each click and it is not safe to save the password and reuse it. So how to deal with this issue?
Regards
Alex

Comment posted by Zapico on Monday, November 14, 2011 11:36 AM
I'm trying your example but it throws an exception when I try to run it.

After pushing the button, it calls the async method and it throws an exception that seems to me like it wouldn't have a proper clientaccesspolicy.xml (I have the exception only in Spanish...).

I tried to look if it was being downloaded with Fiddler and it isn't...

I've put the clientaccesspolicy.xml in the root, in the application directory, in its parent directory... I don't know where else to try...

Do you have any idea of what I'm doing wrong?? Thanks in advance!!
