RIA Services: How can I create custom authentication?

Question

I am working with the Silverlight RIA Services and I want to create custom authentication. This appears to be the only thing that has virtually no documentation (I've read through the entire RIAServicesOverview.docx).

Do you know of a way for me to create a customer authentication service? I don't want to use the default ASP.NET membership model. I don't know what interface or abstract class I need to implement - although I did find System.Web.Ria.ApplicationServices.IAuthentication.

Do I need to implement IAuthentication? If so, could you give me some advice on how to go about doing so? These are the following methods:

    public User GetUser();

    public User Login(string userName, string password, bool isPersistent, string customData);

    public User Logout();

    public void UpdateUser(User user);

I don't know how I would implement any of these (except for Login) - how could the service possibly know what user is currently logged in in order for Logout() to work?

I've been scouring the web in search of how to do this for hours, and I can't find anything that describes how to create a simple DomainService that can be used for authenticating a user in an "RIA-linked" Silverlight project.

If someone could shed some light on this, I'd be sincerely grateful.

Thanks,
Charles

[EDIT]
I found the RIA Services page on the MSDN Code Gallery. There's a section called Authentication Samples, which links to some great code samples. Check it out if you want to know more about how authentication works within RIA Services.

Answer 1

If you create a "Silverlight Business Application" you'll see how the template implements authentication. (Or just go here and download the template sample project.)

To simplify, here's the process I used:

First, I create a domain service (FooService) that derives from LinqToEntitiesDomainService where FooContext is my entity model. In it I add all the CRUD operations to access my custom DB table and return user profiles.

Next, create a concrete User class on the serverside by deriving from UserBase:

using System.Web.Ria;
using System.Web.Ria.ApplicationServices;

public class User : UserBase
{}

Finally, derive a class from AuthenticationBase and implement the following four methods:

[EnableClientAccess]
public class AuthenticationService : AuthenticationBase<User>
{
    private FooService _service = new FooService();

    protected override bool ValidateUser(string username, string password)
    {
        // Code here that tests only if the password is valid for the given
        // username using your custom DB calls via the domain service you
        // implemented above
    }

    protected override User GetAuthenticatedUser(IPrincipal pricipal)
    {
        // principal.Identity.Name will be the username for the user
        // you're trying to authenticate. Here's one way to implement
        // this:
        User user = null;
        if (this._service.DoesUserExist(principal.Identity.Name)) // DoesUserExist() is a call
                                                                  // added in my domain service
        {
            // UserProfile is an entity in my DB
            UserProfile profile = this._service.GetUserProfile(principal.Identity.Name);
            user.Name = profile.UserName;
            user.AuthenticationType = principal.Identity.AuthenticationType;
        }
        return user;
    }

    public override void Initialize(DomainServiceContext context)
    {
        this._service.Initialize(context);
        base.Initialize(context);
    }

    protected override void Dispose(bool disposing)
    {
        if (disposing)
            this._service.Dispose();
        base.Dispose(disposing);
    }
}

Answer 2

Here is a complete official example from MS:

http://code.msdn.microsoft.com/Custom-Authentication-96ca3d20