I am working on a system with Silverlight and using WCF to call services to do all of the work on the server side.
I need to have a user log into the system, and once they are verified, all calls to the server need to contain the user info so the server can check security policies and do other operations based on the user.
What is the best way to do this? I can create some kind of a user class and send it to the server with every call, but is there a better way to do this with Silverlight and or WCF?Answer1:
I would use standard token based approach. When you login to the server (by passing all required information through a user class as you suggested) the server will respond with a token. Every other server call will require a valid token. Server then validates that the token is still valid (it will automatically expire after some time) and that it comes from the same machine/user (you can check IP address for example).
This is probably the way I would implement that. You don't want to pass all the user information with every server call. (If you are on Intranet you might want to use impersonation or something like that.)Answer2:
Silverlight controls can't access session variables directly as silverlight controls are client side controls.but we can call WCF services to manage session in Silverlight.
We have to Set the session variable in the wcf service as follows.
<ServiceContract(Namespace:="")> _ <AspNetCompatibilityRequirements (RequirementsMode:=AspNetCompatibilityRequirementsMode.Allowed)> _ Public Class PersonService <OperationContract()> _ Public Sub DoWork() ' Add your operation implementation here End Sub ' Add more operations here and mark them with <OperationContract()> <OperationContract()> _ Public Sub SetSessionVariable(ByVal Sessionkey As String) System.Web.HttpContext.Current.Session("Key") = Sessionkey System.Web.HttpContext.Current.Session.Timeout = 20 End Sub <OperationContract()> _ Public Function GetSessionVariable() As String Return System.Web.HttpContext.Current.Session("Key") End Function End Class
By referencing the service to the silverlight application we can set the session variable in .xaml page as follows.
Dim client As Service.PersonServiceClient = New Service.PersonServiceClient() 'Calls the SetSessionVariable() and store values in the session. client.SetSessionVariableAsync("Soumya") We will get the session variable in the .xaml page by calling GetSessionVariable() where we want to check the session Dim client As Service.PersonServiceClient = New Service.PersonServiceClient() AddHandler client.GetSessionVariableCompleted, AddressOf client_GetSessionVariableCompleted client.GetSessionVariableAsync() Private Sub client_GetSessionVariableCompleted(ByVal sender As Object, ByVal e As GetSessionVariableCompletedEventArgs) Try If Not String.IsNullOrEmpty(e.Result) Then MessageBox.Show(e.Result) Else MessageBox.Show("Your session has been expired") End If Catch ex As FaultException End Try End Sub