none
Client application services with WPF

    Question


  • I am going by an MSDN article to implement client application services to validate a user. I have a login wpf page and I also have a service that implements MembershipProvider and roleprovider.
    In the wpf page, I am calling membership.validateuser, but I get an error:

    "An error occurred creating the configuration section handler for system.web/membership: Request failed."

    How do I resolve this? Can I even use client application services with WPF with forms authorization?

    In case of an XBAP, what is the best way to implement security?
    thanks,
    V
    Tuesday, May 13, 2008 3:16 PM

Answers

  •  vivavivi wrote:

    I am going by an MSDN article to implement client application services to validate a user. I have a login wpf page and I also have a service that implements MembershipProvider and roleprovider.
    In the wpf page, I am calling membership.validateuser, but I get an error:



    Do you use ASP.NET MembershipProvider and RoleProvider at client context or server side context? If you want to do local authentication by leveraging ASP.NET's MembershipProvider, you could read the following series of article on how to do this:
    http://msmvps.com/blogs/theproblemsolver/archive/2006/01/15/81140.aspx

     vivavivi wrote:

    How do I resolve this? Can I even use client application services with WPF with forms authorization?
    In case of an XBAP, what is the best way to implement security?



    You could try the "unusual" approach illustrated in this codeproject article:
    http://www.codeproject.com/KB/web-security/ClickOnceFormsAuth.aspx

    Hope this helps
    Thursday, May 15, 2008 4:39 AM
  • ASP.NET MembershipProvider feature requires the hosting environment to have AspNetHostingPermission CAS permission which unfortunately is only assigned to full trust code. You might need to make the XBAP application full trust to get the benefit of MembershipProvider feature, the following blog article shows the steps to delopy full trust XBAP application:
    http://blogs.msdn.com/karstenj/archive/2005/11/29/498061.aspx

    But you need to understand and pay attention to the security implication of distributing the certificate and installing it into the trusted publisher store.

    Hope this helps
    Friday, May 16, 2008 7:40 AM

All replies

  •  vivavivi wrote:

    I am going by an MSDN article to implement client application services to validate a user. I have a login wpf page and I also have a service that implements MembershipProvider and roleprovider.
    In the wpf page, I am calling membership.validateuser, but I get an error:



    Do you use ASP.NET MembershipProvider and RoleProvider at client context or server side context? If you want to do local authentication by leveraging ASP.NET's MembershipProvider, you could read the following series of article on how to do this:
    http://msmvps.com/blogs/theproblemsolver/archive/2006/01/15/81140.aspx

     vivavivi wrote:

    How do I resolve this? Can I even use client application services with WPF with forms authorization?
    In case of an XBAP, what is the best way to implement security?



    You could try the "unusual" approach illustrated in this codeproject article:
    http://www.codeproject.com/KB/web-security/ClickOnceFormsAuth.aspx

    Hope this helps
    Thursday, May 15, 2008 4:39 AM

  • Marco Zhou, thanks for replying.
    I did look at those examples before during my research. Let me explain more clearly what I am doing.

    I am implementing the example given in this walkthrough:
    http://msdn.microsoft.com/en-us/library/bb546195.aspx

    In the example,  AppServices implements ASP.NET MembershipProvider and RoleProvider at the server side.

    The only difference between that example and what I am trying to do is the client is not a windows application but an XBAP.
    I figured I could do this because in the article, it says:
    "This walkthrough uses Windows Forms because more people are familiar with it, but the process is similar for Windows Presentation Foundation (WPF) projects."

    In the XBAP, when I do  membership.validateuser, I get the error I posted before.

    Is this because an XBAP application does not have the permissions necesary to make that call?

    I followed another article that says I need to set the

    AppDomain.CurrentDomain.SetThreadPrincipal(Thread.CurrentPrincipal);


    but this also does not work.


    I looked at the "unusual approach" - but I am not trying it out right now because but we are ok with the fact that the user might have to login in every time they want to use the xbap. I just want to make the validation with CAS work with an XBAP.To do this, I need to understand why the membership.validate user throws that error.
    thanks,
    V


    Thursday, May 15, 2008 3:51 PM
  • ASP.NET MembershipProvider feature requires the hosting environment to have AspNetHostingPermission CAS permission which unfortunately is only assigned to full trust code. You might need to make the XBAP application full trust to get the benefit of MembershipProvider feature, the following blog article shows the steps to delopy full trust XBAP application:
    http://blogs.msdn.com/karstenj/archive/2005/11/29/498061.aspx

    But you need to understand and pay attention to the security implication of distributing the certificate and installing it into the trusted publisher store.

    Hope this helps
    Friday, May 16, 2008 7:40 AM