Adding users/admins to an HTML Lightswitch app RRS feed

  • Question

  • My HTML5 app at the moment has no security-- anyone can use it at any time.  I'm now at the point where I would like a facility for adding users and assigning permissions.  Could someone point me to recent documentation on how to do it, best practices and such?  Would be great if the app had an Administration section where pre-designated admins could assign new users but if I have to add them behind the scenes for now that's ok too.

    From what I've read LS can use Forms Authentication out of the box, which is fine but I was wondering if ASP.Net Identity is an option as well?  If not, or if it requires extra steps and hacks, then I can live with Forms Authentication.


    Friday, October 3, 2014 5:07 PM


All replies

  • Hi Jim,

    The 'supported' way to use forms auth w HTML client is to add a desktop client to your solution and then enable forms auth.  This will add the user\role\permission management screens and database objects to your solution.  You would use the SL client to manage permissions.

    After that, you could optionally remove the SL client, connect to the security OData service and make your own management screens in HTML client like Dale Morrison does it here:


    Updated version:


    Before you try this option, post a comment on Dale's blog to ask if he's got it working on your version of LS.  I think there were breaking changes with March 14 Update, but not sure if he's fixed/updated the sample.



    • Edited by joshbooker Saturday, October 4, 2014 1:01 AM
    • Marked as answer by jim bancroft Saturday, October 4, 2014 4:21 PM
    Saturday, October 4, 2014 1:00 AM
  • Thanks Josh.
    Saturday, October 4, 2014 4:21 PM
  • Quick followup if I may.  I've added up the Silverlight desktop client to my solution, which gave me the admin screens,  and then added a few test users. 

    When I publish to Azure I'm presented with the login screen but none of the pre-defined accounts work.  I'm guessing they're not exported during the publish step?  Would anyone know how I can put users into the cloud version in that case?  (I can't login to the silverlight client in the cloud either, since none of the accounts I created appear to have working passwords in Azure.)

    Tuesday, October 7, 2014 10:17 PM
  • Hi Jim You're correct the users don't go from dev to production You can add one admin user in pub wiz then use that account to login to production sl client Josh
    Tuesday, October 7, 2014 10:45 PM
  • Right you are Josh.  I recall now having set that user in the publish wizard way back when, but thought I had chosen 'admin' as the username, instead of 'administrator', which was the actual name.  

    I tried 'admin' in the cloud, and of course couldn't log in, and thought it was because of the same reason no one else could, that the account hadn't been uploaded.  Double-checking and getting the correct name and I'm in business.  

    Thanks again, and if I could ask one more thing; for the life of me I can't get the login screen to appear when debugging.  I think I've checked the correct debug settings in the project properties to trigger a login screen, but no luck so far.  So as it stands at the moment I'm prompted in the cloud, but not locally for my user/password.  Any ideas why?

    Wednesday, October 8, 2014 7:00 AM
  • Lscore has a bug when you upgrade i send Dale post while back. 


    checked on github no changes since i hope he fines time to fix it.


    Wednesday, October 8, 2014 8:59 AM
  • Hi Jim,

    The behavior is by design.  In debug the app logs you in as testuser.  There is no way to login as another user.  Therefore, to test permissions fully it's often necessary to publish first.  Sometimes I've found it helpful to publish to a test site, if needed to test permissions in order to not affect production.



    Wednesday, October 8, 2014 12:34 PM
  • Just a quick extension to Josh's solution... if you want to be able to expose functionality that allows the creation of user records via a custom user table that then posts back data to the ASP.NET Membership model, you can do this relatively easily.  What's even better is that this approach allows you to handle most of the coding in the Server project, so you have full access to the .NET framework.

    Specifically, you'd need a new screen for managing your application users table (let's call it AppUsers).  A typical scenario for this would be a multi-tenanted app where you have an AccountAdmin role who can add users to a specific parent account, which is 1:M with AccountUser role members.  You might also want to add additional fields to the AppUsers table that support the use of specific business logic related to users and roles.

    If you take a look at the MSDN library, you'll find good documentation for the ASP.NET membership model and the SqlMembershipProvider class used by LightSwitch. To create a new user in the framework, simply create a new user in the AppUsers_Inserting() event, invoking a reference to the Membership model.  Membership.CreateUser() is the function you want to use, and it requires a bunch of arguments, including a MembershipCreateStatus enumeration instance.  

    You will also probably need to add that user to a role, which you achieve using the SqlRoleProvider object's AddUsersToRoles() method.

    If you decide you need to go down that path and need some sample code, ping me for more information.  :)


    Wednesday, October 8, 2014 4:52 PM