Hi All,
I'm just getting started with CodeSmith and NetTiers so please bear with me. Already seeing huge potential just struggling with the learning curve at the moment!
I am trying to use the NetTiers Membership Provider. What I want to do is to work out how to pass the identity of the user logged into the website back through the webservice so I can use it in the Service Layer to for logic/workflow and also populate the "CreatedBy" & "ModifiedBy" columns on my tables when records are updated (in entityproviderbase.cs).
Has anyone tried to do this before and/or has a nice solution to this problem? Maybe this is there OTB but I'm just not sure where to start and there doesn't seem to be any docs on the Membership provider.
Thanks in advance
Dave
Hello there. That's actually kinda easy.
When you creante an Instance of your webservice, you can attach a network credential to it.
MyWebService ws = new MyWebService (); ws.Credentials = new NetworkCredential("Login", "Password");
The catch is in the Principal of your webpage. There's only a login field there, so you's have to customize it. The other option is to store the login and password in the session, whe the user logs in and use it to create the credentials.
I dont know if I was clear enough... );
hth anyways.
Will Code For Food
Hey, thanks for your response.
This was kind of what I was thinking of doing but I don't think I want/need to authenticate the user on the webservice, I just want to know who they are so I was thinking of attaching the UserGuid (and possibly other stuff) in a custom SoapHeader class. We've done this before but I'm not sure how to get it to work in NetTiers and change the template(s) to generate the code. We are using the WebServiceClient and the Service Layer and so this may add complexity but I just need to know where to start really.
So what we have done previously is something like:
<code>[Serializable]public class WsIdentity : SoapHeader{ public Guid UserGUID;}</code>
then add this as a property to the Data layer and the Webservice and then pass the SoapHeader on each webservice method
<code>public class MyService : System.Web.Services.WebService
{ public MyService () {
}
DataAccess da = new DataAccess();
public WsIdentity wsidentity;
[WebMethod(Description="")]
[SoapHeader("wsidentity", Direction = SoapHeaderDirection.In)] public Claim AddClaim(Claim NewClaim) {
da.wsidentity = wsidentity;
return da.AddClaim(NewClaim); }
</code>
Hopefully you get the idea anyway. So what I want to do is implement something like this in NetTiers. I thought there might be something in the Services.SecurityContext class to do this or maybe it could be customised to do this but I'm just not sure where to start.
I guess I just want to know if this is the right thing to do and if so where is the best place to put the code? Also some help on the best way to customise the templates to add the code in without breaking future changes to NetTiers would be greatly appreciated. This may be a big ask but even if you can point me in the right direction that would be a start.
Thanks
Did you figur this all out?
If you're using Tortoise SVN you can customize the templates with no problems, when you get the latest version it will ask you about the files you changed and it can merge it very well.
Your solution doesnt look too good, I would go with the membership provider... just because you're using NetworkCredentials doesnt mean you have to authenticate the request. just check your security options in IIS. Plus, its harder to maintain customized code than known solutions.
No I don't have it yet. I guess I see that your solution is better but I just don't see how to implement it. Here's where I'm at (and please feel free to correct me if I'm wrong):
1. The membershipProvider is activated on the website and I can add users and login.
Now here's where I start to get stuck.
2. I need to change the webserviceclient so that each time an instance of the webservice is created the NetworkCredentials are attached. Ok I can do that manually but I think it would be better to amend the WsEntityProviderBase.generated.cst to add the code automatically. I think this is where you are saying I should use Tortoise SVN so I can manage changes in the NetTiers code against my own changes, is that correct? We only use SourceSafe here so haven't used Tortoise before but I'll give it a go and see how I get on.3. Now the WebService is passing back NetWorkCredentials how do I process these in the Webservice? Do I need to activate the MembershipProvider on the webservice? If so what are the Web.config settings? If not how does it work?4. Now the identity is available in some form in the DAL and BLL how do I use it?I also want to use the user's Role information but I notice there is no RoleProvider currently implemented. I guess this might be a seperate post though so lets just stick to the current issue for now.ThanksDave
davewells:No I don't have it yet. I guess I see that your solution is better but I just don't see how to implement it. Here's where I'm at (and please feel free to correct me if I'm wrong):
No problem, we're here to help. Sorry if I sound too cocky.
davewells:1. The membershipProvider is activated on the website and I can add users and login.
Thats one less problem. (;
davewells:Now here's where I start to get stuck.
There's always a catch. lol
davewells:2. I need to change the webserviceclient so that each time an instance of the webservice is created the NetworkCredentials are attached. Ok I can do that manually but I think it would be better to amend the WsEntityProviderBase.generated.cst to add the code automatically. I think this is where you are saying I should use Tortoise SVN so I can manage changes in the NetTiers code against my own changes, is that correct? We only use SourceSafe here so haven't used Tortoise before but I'll give it a go and see how I get on.
davewells:3. Now the WebService is passing back NetWorkCredentials how do I process these in the Webservice? Do I need to activate the MembershipProvider on the webservice? If so what are the Web.config settings? If not how does it work?
No settings, just use:
IPrincipal p = HttpContext.Current.User;
string loggedUser = p.Identity.Name;
this way you have the login of the user who made the request. With the legin, you can get the users information / permissions and all that. Also, you could cache the user class once you fetch it from the database to speed up a little.
Remember to uncheck the option to use windows authentication in your IIS application and allow anonymous use. or else it will check with AD and you'd have 401s every request.
davewells:4. Now the identity is available in some form in the DAL and BLL how do I use it?
I'm not sure I understand this question. );
davewells:I also want to use the user's Role information but I notice there is no RoleProvider currently implemented. I guess this might be a seperate post though so lets just stick to the current issue for now.
Personaly never used RoleProvider... it's a solution way too simple to the system I'm involved in. );
davewells:Thanks
Hope my answers solve a little of your problems
vbandrade:No problem, we're here to help. Sorry if I sound too cocky.
vbandrade: davewells:3. Now the WebService is passing back NetWorkCredentials how do I process these in the Webservice? Do I need to activate the MembershipProvider on the webservice? If so what are the Web.config settings? If not how does it work?No settings, just use:IPrincipal p = HttpContext.Current.User;string loggedUser = p.Identity.Name;this way you have the login of the user who made the request. With the legin, you can get the users information / permissions and all that. Also, you could cache the user class once you fetch it from the database to speed up a little.Remember to uncheck the option to use windows authentication in your IIS application and allow anonymous use. or else it will check with AD and you'd have 401s every request.