Sunday, October 30, 2011

Authorization in Silverlight, part 1: Authorized navigation


As we know, Silverlight is very capable platform for building Line of Business applications today, both in and out of the browser. It’s come to the point that – at least in my experience – a lot of desktop applications are now built with Silverlight instead of WinForms, skipping over WPF completely.

With that in mind, it’s pretty weird that there’s an essential part that seems to be missing: authentication & authorization. When you look at the Silverlight Core CLR, there’s not much there concerning this – although it’s a no-brainer for business and enterprise applications: you need to make sure certain parts of your application are only available to users that are authenticated or have a specific role. Sure, you can use the hosting web page & ASP .NET authentication to ensure only authenticated persons can reach your Silverlight application, but there’s no out of the box way to enable or block a user from navigating to a specific view in your application.


Luckily, it only requires a little bit of coding and all in all: it’s quite easy to enable authenticated & authorized navigation in your Silverlight applications, mainly thanks to the introduction of a new class in Silverlight 4: the custom content loader.

In this article, we’ll look into enabling scenarios to enable/disable certain parts of your application for authenticated users, and to automatically ask the user for his credentials if he’s trying to access a part of the application that requires him to be authenticated or to have a specific role. But let’s start with the beginning: the custom content loader.

The accompanying source code for this article can be downloaded here.

This is the first of a two-part article series on authorization in Silverlight.  In the second part, we’ll look into automatically manipulating (disabling, hiding) UI elements depending on the credentials of the authorized user.

Introducing: the Custom Content Loader.

In Silverlight 4, a new interface was introduced: the INavigationContentLoader interface. Together with that, a Navigation Frame was given a ContentLoader property, which can be set to any class implementing said INavigationContentLoader. As the name implies, the content loader is responsible for (asynchronously) loading the content that’s associated with the target Uri. This opens up a whole load of possibilities (I’ve seen the content loader being used for, for example, loading content from a different XAP), one of which is authorized navigation.

This is how this interface looks:

public interface INavigationContentLoader
        IAsyncResult BeginLoad(Uri targetUri, Uri currentUri, AsyncCallback userCallback, object asyncState);

        void CancelLoad(IAsyncResult asyncResult);

        bool CanLoad(Uri targetUri, Uri currentUri);

        LoadResult EndLoad(IAsyncResult asyncResult);

As you can see, one of the methods is named CanLoad: this is the perfect method for what we’re trying to do: we can test if a user has the rights to navigate to a specific view, returning true or false to the CanLoad method of a custom content loader.

Read more: SilverlightShow
QR: Authorization-in-Silverlight-part-1-Authorized-navigation.aspx

Posted via email from Jasper-Net