This is Part 2

I am assuming you've read Part 1 and that you've downloaded the Windows Identity Foundation Training kit

This post is about an "InBrowser" Silverlight Component needing Authorization and Authentication This post will guide you through using Windows Identity Foundation to give our Silverlight application a secure experience for gym members. Afterall, it is Silverlight that represents the user interface that our gym members will use. This post will show you how to authenticate the user, and based on the user, a custom interface in Silverlight will be presented. Gym members want to see a "personalized" interface. Thus every step in this post will allow us to provide a secure way for gym members to interact with the Silverlight Application (embedded in a browser). Users will even get a custom interface based on who they are.


 

hyperlink[6]

MY PREVIOUS POST

Security for Azure, WCF, Windows Phone 7, and Silverlight – Part 1 of many - Introduction

http://blogs.msdn.com/b/brunoterkaly/archive/2010/08/14/security-for-azure-wcf-windows-phone-7-and-silverlight-part-1-of-many.aspx

 

hyperlink[4]

Windows Identity Foundation Training Kit download

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=c3e315fa-94e2-4028-99cb-904369f177c0


Opening the starter project

caveat

These posts are not about CREATING a Security Token Service

These posts will leverage an already created Security Token Service
Perhaps in a future post we can explore creating our custom Security Token Service. See the MSDN article in my previous post.


snap0326
snap0327
There are three projects

bullet

Project 1: https://localhost/GymFabrikamP_Sts/

 

This is the identity provider (explained in previous post). It offers the identity provider functionality programmatically as a Security Token Service (STS). Multiple projects can leverage this service by accessing it as an endpoint (a url in this case)

Notice the user interface for logging in the Security Token Service

image

bullet

Project 2: SL.IdentityModel

This class library simply exposes claims object model. Silverlight does not provide the needed objects so we simply set a reference to the SL.IdentityModel from Silverlight.

bullet

Project 3: SL.IdentityModel.Server

This is another class library (assembly) that can trigger authentication when necessary. It will be called from the website hosting our Silverlight application when users try to access resources.


snap0328

Add Silverlight Project

We will begin to add security features to Silverlight

In order to support Silverlight with authentication we will add a new project of type "Silverlight" and add code that implements Windows Identity Foundation features. Once the Silverlight project has been added we will start to implement the security features that leverage the Security Token Service and the two other assemblies previously discussed. We will implement a service provider and an identity provider. SAML tokens will be in place as well. In summary, Silverlight will authorize and authenticate users. In addition, we will be able to provide a custom interface for individual users.

 

Steps to take

bullet

Right-click the solution again, but this time, select Add | New Project.

bullet

In the New Project dialog, expand Visual C# in the project types list and select Silverlight.

bullet

In the Templates list, select Silverlight application.

bullet

Enter GymFabrikamClient as project name and click OK to create the project.

 

snap0334

 

Note the name “GymFabrikamClient.”

snap0335

 

Make sure your entries match below
Details matter here.

snap0336

 

2 projects added
One project is for Silverlight client interface that are users will use and the second project is to host the Silverlight project. This is not an “out of browser” Silverlight project and it therefore needs a hosting web site.

snap0337

 caveat[4]

Work in progress, not complete…