Session maintenance in Silverlight

I am creating Silverlight with WCF connection. I would like to create and maintain a post-login session in Silverlight and do the following.

  • On successful login, create a session object and store session id, user id, username, session state
  • On subsequent calls from WCF, the session information must be passed from Silverlight to WCF

One solution would be to create a session object and pass it as a parameter to all methods.

Is there any other way to pass information across all calls to the web service without passing a member variable?

Something similar to the persistent Session object in ASP.NET.

+2




6 answers


Why do you want to transmit session information every time?

If you are using ASP.NET to host your WCF service in ASP compatibility mode, you can set the instantiation mode to Session and then store it all in the variables of the WCF service instance. Or in your ASP session.



I can't figure out what your point is when sending all this data for every request.

The good thing when you are using SL with ASP.NET is to sign in with built-in ASP.NET authentication. Like here and there, you can just call the WCF service and check that HttpContext.Current.User.Identity.IsAuthenticated is true.

+3
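
The approach from the answer above as an added example (not code from the original post): a WCF service that takes the caller's identity from the ASP.NET forms-authentication cookie instead of from a session parameter. It assumes hosting in IIS with `<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />`, forms authentication and session state enabled, and Silverlight's default browser HTTP stack; `IOrderService`, `OrderService` and the `LastQuery` key are hypothetical names.

```csharp
using System.ServiceModel;
using System.ServiceModel.Activation;
using System.Web;

[ServiceContract]
public interface IOrderService   // hypothetical contract
{
    [OperationContract]
    string GetOrders(string filter);   // no session or user parameter
}

// Required: the service refuses to start unless ASP.NET compatibility
// mode is on, so HttpContext.Current is always populated.
[AspNetCompatibilityRequirements(
    RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class OrderService : IOrderService
{
    public string GetOrders(string filter)
    {
        HttpContext ctx = HttpContext.Current;

        // The browser attaches the forms-auth cookie to every call the
        // Silverlight client makes, so identity comes from a ticket the
        // server validated, never from a value the client supplies.
        if (ctx == null || ctx.User == null || !ctx.User.Identity.IsAuthenticated)
            throw new FaultException("Not authenticated.");

        string user = ctx.User.Identity.Name;

        // Per-user state stays on the server in the ASP.NET session.
        ctx.Session["LastQuery"] = filter;

        return "orders for " + user + " matching " + filter;
    }
}
```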




Sessions are automatically processed for you if Cookies are enabled in your browser. Just add an empty Global.asax file to your web application and the session will be created automatically on the first browser request.



+1




Hm .. you can use a db to help you with this.

that's what...

  • Silverlight APP send authentication to wcf login service
  • WCF login service validate and create session in db session
  • WCF login will return true on successful login and false on unauthorized login
  • Silverlight App keeps a global login variable for last use
  • Now you have information in your applications and on your server :)

Next problem:

  1. How can I delete a session on the server?

    • just create a logout button and call the service to delete the session in the database
    • and remove your global variable for your applications (session variable / login variable)

  2. What if the user does not hit the logout button?

    • on the server side just do periodic active session validation. If it is no longer active, delete it.

  • Basically, you have to send your session ID over the internet to call your entire service to confirm that you are an authenticated user :)

Notes: Well, there is no other way as the service is stateless.

+1
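
The server-side bookkeeping described in the answer above, as an added example that is not part of the original post: an unguessable session id issued at login, validated on every call, deleted on logout, and swept when idle. An in-memory dictionary stands in for the database table; `SessionStore` and its members are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

public sealed class SessionStore   // hypothetical; a DB table in the answer
{
    private sealed class Entry { public string UserId; public DateTime LastSeenUtc; }
    private readonly Dictionary<string, Entry> _sessions = new Dictionary<string, Entry>();
    private readonly object _gate = new object();
    private readonly TimeSpan _idleTimeout;

    public SessionStore(TimeSpan idleTimeout) { _idleTimeout = idleTimeout; }

    // Login: call only after the credentials have been validated.
    public string Create(string userId, DateTime nowUtc)
    {
        var bytes = new byte[32];                      // 256-bit random id
        RandomNumberGenerator.Create().GetBytes(bytes);
        string id = Convert.ToBase64String(bytes);
        lock (_gate) _sessions[id] = new Entry { UserId = userId, LastSeenUtc = nowUtc };
        return id;
    }

    // Every operation: returns the user id, or null if unknown or idle too long.
    public string Validate(string sessionId, DateTime nowUtc)
    {
        lock (_gate)
        {
            Entry e;
            if (sessionId == null || !_sessions.TryGetValue(sessionId, out e)) return null;
            if (nowUtc - e.LastSeenUtc > _idleTimeout) { _sessions.Remove(sessionId); return null; }
            e.LastSeenUtc = nowUtc;                    // sliding expiry
            return e.UserId;
        }
    }

    // Logout button.
    public void Delete(string sessionId)
    {
        if (sessionId != null) lock (_gate) _sessions.Remove(sessionId);
    }

    // Periodic sweep for users who never logged out; returns the number removed.
    public int PurgeExpired(DateTime nowUtc)
    {
        lock (_gate)
        {
            var dead = _sessions.Where(kv => nowUtc - kv.Value.LastSeenUtc > _idleTimeout)
                                .Select(kv => kv.Key).ToList();
            foreach (var id in dead) _sessions.Remove(id);
            return dead.Count;
        }
    }
}
```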




Okay, Silverlight is not asp.net at first, and WCF is stateless by design, unless otherwise designed to preserve state.

Then if you want to keep the state in Silverlight 3, you can simply create a static class with static properties and store those values across different pages. But this is not an elegant solution. This is possible since SL is a client runtime and your application exists in an xap assembly that is loaded when you navigate to a URL, so it basically looks like a Windows desktop application is loaded and then executed in a restricted security context. I don't want to delve into the implications of this now, but it is important to know that it exists.

The best way to solve your problem is to use IsolatedStorage as such

        // Remove any previous value first: Add() throws if the key already exists.
        // Values are written to isolated storage as clear text.
        IsolatedStorageSettings.ApplicationSettings.Remove("UserName");
        IsolatedStorageSettings.ApplicationSettings.Add("UserName", UserName);
        IsolatedStorageSettings.ApplicationSettings.Remove("Password");
        IsolatedStorageSettings.ApplicationSettings.Add("Password", UserPassword);

      

That way, you could actually save the data in applications and reuse it the next time you start the application. Remember that everything stored in IsolatedStorage is mostly clear text, accessible from only one domain / site.

You must secure your WCF service with one of the many security schemes available. The information that SL3 passes to the WCF service will be clear and readable by anyone with a little effort, and anyone can call your WCF service, bypassing your SL app completely, so be sure to properly protect everything.

0




WCF authentication in Silverlight is done through SOAP headers, which you don't have access to - you cannot pass authentication data from Silverlight to WCF on demand. Assuming you are using ASP.NET Application Services to perform user authentication (this is the only technology I know of that will work), your main strategy might be to call the ValidateUser method, which will log in and instruct the Silverlight control to enable this user session information into SOAP headers and then call WCF services. You can refresh the session periodically by logging the user behind the scenes or waiting for the WCF call to fail based on credentials and then re-validate the user. I don't know, is there any live aspect to invoke WCF services that might require less pushed re-authentication.

You can store the username and password in isolated storage, as suggested by another poster, but first make sure you encrypt this data, it is stored in plain text in an obscure place and is insecure.

0




The end goal is to just temporarily store the custom variable while their browser is open. Regardless of elegance, if it's not megabytes of data, I just temporarily store it in a variable or resource in memory in the application or class, so you don't have to worry about it detecting locally on your machine. It will disappear when the browser session is over.

        App.Current.Resources.Add("MySessionItem", item)

      

To invoke WCF, try to make ASP.net authenticate for you with ASP.NET Application Services (i.e. My.User.Identity), do not authenticate in your WCF methods based on those passed parameters that are stored in a temporary variable and / or resource.

0








