locked
Security - Combining sync services with an ASP.NET application RRS feed

  • Question

  • Hi, I'm new to this so any comments/pointers will help. I have a client XBAP application that needs to access a SQL database and file resources on my web server. I currently have a web service that does authentication, roles, and profiles through ASP.NET. It also provides my client app with data, hiding the SQL database on the server.

    Sync services sound like a great way to solve several of my issues regarding occasionally connected clients. However using sync services requires my client to have direct visibility to my SQL database. I'm okay with this as long as I can make this unified and secure. I've seen examples of how to secure access to my web service interfaces using ASP.NET authentication, and I've seen docs on how to setup secure access to a SQL database.

     

    Is it one authority or the other? Or is there some way I'm supposed to combine these so that I have authentication, roles and user level security shared between them?

     

    Thanks, Ed

    • Moved by Max Wang_1983 Friday, April 22, 2011 9:11 PM forum consolidation (From:SyncFx - Microsoft Sync Framework Database Providers [ReadOnly])
    Wednesday, December 26, 2007 8:29 PM

Answers

  • Ah, I think I understand now. You set the client SyncAgent.RemoteProvider to a WCF Service interface that wraps the

    DbServerSyncProvider. Service interface access is protected by ASP.NET authentication.

     

    Thanks, Ed
    Thursday, December 27, 2007 2:07 AM

All replies

  • Hey Ed,

     

    I wouldn't go so far to say that your clients need direct visibility to the SQL database, because you can use Sync Services over web services or WCF endpoints.  They would however need direct visibility to a local SQL cache (with the same schema).  This is easily done using the "Local Data Cache" and "Sync Designer" feature in Visual Studio 2008.  You can even seperate the client/server components into a true client/server architecture using web services or wcf using this tool.

     

    As far as authentication, you will have to handle this on your own.  I generally handle authentication before I attempt synchronization, and I also use filter paramters to restrict the data being returned.

     

    Hope that helped.

     

    Phillip Zedalis

     

    Wednesday, December 26, 2007 10:09 PM
  • Hi Phillip,

    Thanks for the reply. You mention: "Sync Services over web services or WCF endpoints". I can't seem to locate the documentation for this. Do you have any pointers to the docs you're thinking of?

     

    Thanks, Ed

     

    Wednesday, December 26, 2007 10:52 PM
  • Check out: http://www.syncguru.com/projects/SyncServicesDemoWebService.aspx

     

    It works the same for WCF, just have to provide the same public methods.  I highly recommend trying the Sync Designer in Visual Studio 2008.  Although I don't use it anymore for my projects, it was an excellent tool for learning how the pieces fit.

     

    Hope that helps.

     

    Phillip

    Wednesday, December 26, 2007 10:57 PM
  • Ah, I think I understand now. You set the client SyncAgent.RemoteProvider to a WCF Service interface that wraps the

    DbServerSyncProvider. Service interface access is protected by ASP.NET authentication.

     

    Thanks, Ed
    Thursday, December 27, 2007 2:07 AM
  •  

    Hi Phillip,

     

    I am new to sync and I am using  the "Local Data Cache" and "Sync Designer" feature in Visual Studio 2008. 

     

    I saw in your answer for these.

     

    I would like to know how to handle authentication before synchronization, and also use filter paramters to restrict the data being returned?

     

    Where and how can I do this? Can you provide me some info and examples (if you have) for this?

     

    Thanks,

    Rajesh

    Monday, May 5, 2008 10:32 AM