Security for Azure, WCF, Windows Phone 7, and Silverlight – Part 2 of many - Single Sign on, Claims-Driven Experience and Service Authorization for In-Browser Silverlight applications - Bruno Terkaly - Developer Evangelist - bterkaly@microsoft.com - Site Home

This is Part 2

I am assuming you've read Part 1 and that you've downloaded the Windows Identity Foundation Training kit

This post is about an "InBrowser" Silverlight Component needing Authorization and Authentication This post will guide you through using Windows Identity Foundation to give our Silverlight application a secure experience for gym members. Afterall, it is Silverlight that represents the user interface that our gym members will use. This post will show you how to authenticate the user, and based on the user, a custom interface in Silverlight will be presented. Gym members want to see a "personalized" interface. Thus every step in this post will allow us to provide a secure way for gym members to interact with the Silverlight Application (embedded in a browser). Users will even get a custom interface based on who they are.

MY PREVIOUS POST

Security for Azure, WCF, Windows Phone 7, and Silverlight – Part 1 of many - Introduction

http://blogs.msdn.com/b/brunoterkaly/archive/2010/08/14/security-for-azure-wcf-windows-phone-7-and-silverlight-part-1-of-many.aspx

Windows Identity Foundation Training Kit download

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=c3e315fa-94e2-4028-99cb-904369f177c0

Opening the starter project

These posts are not about CREATING a Security Token Service

These posts will leverage an already created Security Token Service
Perhaps in a future post we can explore creating our custom Security Token Service. See the MSDN article in my previous post.

There are three projects

Project 1: https://localhost/GymFabrikamP_Sts/

This is the identity provider (explained in previous post). It offers the identity provider functionality programmatically as a Security Token Service (STS). Multiple projects can leverage this service by accessing it as an endpoint (a url in this case)

Notice the user interface for logging in the Security Token Service

Project 2: SL.IdentityModel

This class library simply exposes claims object model. Silverlight does not provide the needed objects so we simply set a reference to the SL.IdentityModel from Silverlight.

Project 3: SL.IdentityModel.Server

This is another class library (assembly) that can trigger authentication when necessary. It will be called from the website hosting our Silverlight application when users try to access resources.

Add Silverlight Project

We will begin to add security features to Silverlight

In order to support Silverlight with authentication we will add a new project of type "Silverlight" and add code that implements Windows Identity Foundation features. Once the Silverlight project has been added we will start to implement the security features that leverage the Security Token Service and the two other assemblies previously discussed. We will implement a service provider and an identity provider. SAML tokens will be in place as well. In summary, Silverlight will authorize and authenticate users. In addition, we will be able to provide a custom interface for individual users.

Steps to take

	Right-click the solution again, but this time, select Add \| New Project.
	In the New Project dialog, expand Visual C# in the project types list and select Silverlight.
	In the Templates list, select Silverlight application.
	Enter GymFabrikamClient as project name and click OK to create the project.

Note the name “GymFabrikamClient.”

Make sure your entries match below
Details matter here.

2 projects added
One project is for Silverlight client interface that are users will use and the second project is to host the Silverlight project. This is not an “out of browser” Silverlight project and it therefore needs a hosting web site.

Work in progress, not complete…