A4.01 Security: Authentication (Wpf)
chempkovsky edited this page Jul 24, 2021 · 2 revisions
Security has two aspects: authentication and authorization.

Authentication is implemented using OAuth 2.0 Bearer Token Usage. Executing `00000-ContextLevelBatch.json` generates a basic, ready-to-use implementation of such authentication. Please consult articles 12, 13, 14 and 15 to clarify how to use the "ContextLevelBatch" script.
- Authentication consists of:
  - `CommonServicesPrismModule\AppGlblLoginSrvc\AppGlblLoginService.cs` to call backend Web Api services
  - `CommonServicesPrismModule\AppGlblSettingsSrvc\AppGlblSettingsService.cs` to hold the Bearer Token which is returned after login (its `AuthInfo` property and `UserName` property)
  - `CommonServicesPrismModule\AppGlblSettingsSrvc\AppGlblSettingsService.cs` to define HTTP headers for other requests to backend services (its `getAuthInfoHeader()` method)
  - `CommonServicesPrismModule\UserControls\ChngpswdUserControl.xaml` page to change password
  - `CommonServicesPrismModule\UserControls\LoginUserControl.xaml` page to login
  - `CommonServicesPrismModule\UserControls\LogoutUserControl.xaml` page to logout
  - `CommonServicesPrismModule\UserControls\RegisterUserControl.xaml` page to register
  - `PrismDemoApp\Views\MainWindow.xaml` application component which has global menu item
- The `CommonServicesPrismModule\AppGlblSettingsSrvc\AppGlblSettingsService.cs` service is available to any generated component and service. For instance:
```csharp
using System.Net.Http;

public class LitCountryViewService : ILitCountryViewService
{
    protected IAppGlblSettingsService appGlblSettings = null;
    protected string serviceUrl = null;
    protected HttpClient client = null;

    public LitCountryViewService(IAppGlblSettingsService agstt)
    {
        this.appGlblSettings = agstt;
        this.serviceUrl = this.appGlblSettings.GetWebApiPrefix("LitCountryView") + "litcountryviewwebapi";
        // Shared HttpClient: it carries the Authorization header set by AppGlblSettingsService.
        this.client = this.appGlblSettings.Client;
    }
    // ... remaining members omitted in this excerpt
}
```
On the other hand, `AppGlblSettingsService` resets the `Authorization` header after each login and logout operation:

```csharp
public dynamic AuthInfo
{
    get
    {
        return _AuthInfo;
    }
    set
    {
        if (_AuthInfo != value)
        {
            _AuthInfo = value;
            if (_AuthInfo == null)
            {
                // Logout: drop the header from the shared client.
                Client.DefaultRequestHeaders.Authorization = null;
            }
            else if ((AuthInfo.token_type == null) || (AuthInfo.access_token == null))
            {
                // Incomplete login response: do not send a partial credential.
                Client.DefaultRequestHeaders.Authorization = null;
            }
            else
            {
                // Login: every later request through Client carries "<token_type> <access_token>".
                Client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(AuthInfo.token_type, AuthInfo.access_token);
            }
        }
    }
}
```
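
`DefaultRequestHeaders` applies to every request sent through the shared `Client`, whatever host the request targets, so the token travels with any call a component makes through it. One way to scope the token to the backend, as an added example that is not part of the generated project code: `BackendBearerHandler` and its `backend` URI are hypothetical names, the backend is assumed to be served over HTTPS, and `AuthInfo` is assumed to have the shape shown above.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical handler (not generated by ContextLevelBatch): attaches the bearer
// token per request, and only when the request targets the backend origin.
public sealed class BackendBearerHandler : DelegatingHandler
{
    private readonly Uri _backend;               // assumed absolute HTTPS base address of the Web Api
    private readonly Func<dynamic> _getAuthInfo; // e.g. () => appGlblSettings.AuthInfo

    public BackendBearerHandler(Uri backend, Func<dynamic> getAuthInfo, HttpMessageHandler inner)
        : base(inner)
    {
        _backend = backend;
        _getAuthInfo = getAuthInfo;
    }

    // True only for HTTPS requests to the same scheme, host and port as the backend.
    public bool IsBackendRequest(Uri target) =>
        target != null && target.IsAbsoluteUri &&
        target.Scheme == Uri.UriSchemeHttps &&
        Uri.Compare(target, _backend, UriComponents.SchemeAndServer,
                    UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) == 0;

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // HttpClient has already merged DefaultRequestHeaders into the request here,
        // so clearing first also strips a default Authorization header.
        request.Headers.Authorization = null;
        if (!IsBackendRequest(request.RequestUri))
        {
            return base.SendAsync(request, cancellationToken); // other origin: no token
        }

        dynamic auth = _getAuthInfo();
        if (auth != null && auth.token_type != null && auth.access_token != null)
        {
            // Same header construction as the AuthInfo setter on this page.
            request.Headers.Authorization =
                new AuthenticationHeaderValue(auth.token_type, auth.access_token);
        }
        return base.SendAsync(request, cancellationToken);
    }
}
```

The shared client would then be built as `new HttpClient(new BackendBearerHandler(backendUri, () => settings.AuthInfo, new HttpClientHandler()))`, where `backendUri` and `settings` are placeholders for the backend address and the `IAppGlblSettingsService` instance.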