Security with HTML Client

  • Question

  • Hi Experts

    I have enabled my HTML LightSwitch Application for Forms Authentication. I haven't checked the checkbox of Grant in Debug mode for any of the permissions. But then too the authentication process is completely bypassed. I want to check the authentication in debug mode without publishing the app. Also, is there a way to create new users in debug mode?

    Also, I want to disable one of the commands if the user does not have Admin permissions. How can I check the permissions on the client side, as I want to write this code in the CanExecute method?

    Please help.

    Best,

    Goldy

    Monday, May 20, 2013 8:57 AM

All replies

  • Hi Goldy,

    But then too the authentication process is completely bypassed. I want to check the authentication in debug mode without publishing the app.

    Unfortunately at debug time the runtime will always use a Test Account with Administrator permission and there's no good way to change this behavior.

    Also, is there a way to create new users in debug mode?

    The HTML Client lacks the built-in screens to manage the Roles and Users for the application. The easiest way to get around this problem is to add an empty Desktop (Silverlight) Client to your project. After deploying your application, you can launch the Desktop Client and use the built-in screens to add users and roles. See this MSDN article.

    Also, I want to disable one of the commands if the user does not have Admin permissions. How can I check the permissions on the client side, as I want to write this code in the CanExecute method?

    The HTML Client also lacks the current user support that Desktop Client has. But,

    • You can use screen.findContentItem("AdminCommand").isVisible = false and screen.findContentItem("AdminCommand").isEnabled = false to hide and disable the Admin Command.
    • You can follow Michael's excellent blog to add a GetUserPermission.ashx, then invoke it to get the current user's permission (or just true/false).
    • Based on that result you can now enable and show the Admin Command.

    Best regards,
    Huy

    Wednesday, May 22, 2013 5:58 PM
    • You can follow Michael's excellent blog to add a GetUserPermission.ashx, then invoke it to get the current user's permission (or just true/false).
    • Based on that result you can now enable and show the Admin Command.

    Beth Massi has the best example on this one:

    LightSwitch Tip: A Simple Way to Check User Permissions from the HTML Client

    :)


    The Visual Studio LightSwitch Marketplace

    http://LightSwitchHelpWebsite.com

    Wednesday, May 22, 2013 6:00 PM
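
Added example (not part of the original thread or of the linked blog posts): a fail-closed way to apply the result of a permission lookup such as GetUserPermission.ashx to the command's content item. The JSON response shape, the permission name `Admin`, and the fake screen object are assumptions made for illustration.

```javascript
// Added example: fail-closed handling of a permission lookup in the HTML client.
// Assumption: the handler answers with JSON such as {"Admin": true}.
// The permission name and the fake screen below are constructed for illustration.

// Returns true only for an explicit boolean true stored under the requested key.
function hasPermission(responseText, permissionName) {
    let parsed;
    try {
        parsed = JSON.parse(responseText);
    } catch (e) {
        // Malformed body, e.g. an HTML login page returned by Forms Authentication.
        return false;
    }
    if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
        return false;
    }
    // Own-property check so inherited names such as "toString" never count.
    return Object.prototype.hasOwnProperty.call(parsed, permissionName) &&
        parsed[permissionName] === true;
}

// Hide and disable the command first, then reveal it only on a positive answer.
function applyCommandState(screen, itemName, responseText, permissionName) {
    const item = screen.findContentItem(itemName);
    item.isVisible = false;
    item.isEnabled = false;
    if (hasPermission(responseText, permissionName)) {
        item.isVisible = true;
        item.isEnabled = true;
    }
    return item;
}

// Constructed stand-in for a LightSwitch screen so the logic runs outside the app.
function makeFakeScreen() {
    const items = {};
    return {
        findContentItem: function (name) {
            if (!items[name]) {
                items[name] = { isVisible: true, isEnabled: true };
            }
            return items[name];
        }
    };
}
```

Hiding or disabling a command in the browser only changes presentation; the same permission must also be checked in server-side code, because requests can reach the server without going through the UI.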
  • Hi Huy

    Thanks for your response.

    I don't want to create the additional overhead of a Silverlight app just for the sake of user management. I have added a new webform which will create the new users, and I want to use the ServerApplicationContext API to create users and roles programmatically. I found this link which shows how to do that: http://blogs.msdn.com/b/mthalman/archive/2012/03/15/using-the-securitydata-service-in-lightswitch.aspx

    But now when using this with the new API, I'm getting the error "The current user does not have the permissions" when I am calling the SaveChanges method. As you mentioned, in debug mode the test account has the admin permissions, so why this error? Am I doing something wrong here? Please guide. Below is the complete code.

    /// <summary>
    /// To create default roles and assign permissions.
    /// </summary>
    private void CreateDefaultRolesAndAssignPermissions()
    {
        try
        {
            using (ServerApplicationContext ctx = ServerApplicationContext.CreateContext(ServerApplicationContextCreationOptions.SkipAuthentication))
            {
                var adminRole = ctx.DataWorkspace.SecurityData.Roles_SingleOrDefault("Admin");

                // check if Admin role already exists
                if (adminRole == null)
                {
                    adminRole = ctx.DataWorkspace.SecurityData.Roles.AddNew();
                    adminRole.Name = "Admin";
                    ctx.DataWorkspace.SecurityData.SaveChanges();
                    adminRole = ctx.DataWorkspace.SecurityData.Roles_Single("Admin");
                    var permission = ctx.DataWorkspace.SecurityData.Permissions_Single(Permissions.CanApproveOrders);
                    var rolePermission = adminRole.RolePermissions.AddNew();
                    rolePermission.Permission = permission;
                    ctx.DataWorkspace.SecurityData.SaveChanges();
                }

                var customerRole = ctx.DataWorkspace.SecurityData.Roles_SingleOrDefault("Customer");
                if (customerRole == null)
                {
                    customerRole = ctx.DataWorkspace.SecurityData.Roles.AddNew();
                    customerRole.Name = "Customer";
                    ctx.DataWorkspace.SecurityData.SaveChanges();
                    customerRole = ctx.DataWorkspace.SecurityData.Roles_Single("Customer");
                    var permission = ctx.DataWorkspace.SecurityData.Permissions_Single(Permissions.CanAddOrders);
                    var rolePermission = customerRole.RolePermissions.AddNew();
                    rolePermission.Permission = permission;
                    ctx.DataWorkspace.SecurityData.SaveChanges();
                }
            }
        }
        catch (Exception exception)
        {
            this.Label3.Text = exception.Message;
        }
    }

    Thursday, May 23, 2013 1:33 PM
  • Hi Goldy,

    Actually the Silverlight application will be a very small overhead. You just add a Silverlight Client without any screens. Then you deploy your application, making sure that you do specify an Admin user at deployment time. The Silverlight Client will be in a different path and once you have logged in as the Admin user, the security screens will immediately show up.

    As for using custom code like what you're doing, you will need to debug the code on the deployed server yourself, as I don't have the full context to reproduce and run your code. But at F5 time, if you get not enough permission, I'd suggest making sure you check the highlighted box.

    Best regards,
    Huy

    • Proposed as answer by Angie Xu Tuesday, June 4, 2013 1:51 AM
    • Marked as answer by Angie Xu Wednesday, June 5, 2013 11:54 PM
    Thursday, May 23, 2013 9:20 PM