Visual Studio LightSwitch is all about creating LOB applications.  And, of course, managing who can access the data in those applications is highly important.  LightSwitch aims to make the task of managing security simple for both the developer and the application administrator.

Here are the basic points about security within Visual Studio LightSwitch:

  • It has built-in support for Windows and Forms (user name/password) authentication.
  • It supports application-level users, roles, and permissions. Management of these entities are handled within the running application through built-in administration screens.
  • Developers are provided with access points to perform security checks.
  • It is based on, and an extension of, ASP.NET security.  In other words, it makes use of the membership, role, and profile provider APIs defined by ASP.NET. This allows for a familiar experience in configuration and customization.

I’ll address each of these bullet points in detail in subsequent blog posts.  Let me know your questions and concerns so that I can address them in those posts.