Part 7 of my RIA Services article series has been published here.
This one goes into detail on the security features of RIA Services. It shows how to configure and use the membership and role providers in a RIA Services app to authenticate the user, authorize calls based on roles, modify the UI based on role, and filter data based on user identity and roles.
The quick and dirty is this:
- Configure your host site for membership and role providers and forms authentication
- Add a [RequiresAuthentication] attribute to your domain services
- Add an AuthenticationDomainService (project item template) to your host site
- Initialize the WebContext on the client by adding it to the ApplicationLifetimeObjects collection and setting its Authentication property to an instance of FormsAuthentication
- Call Login on the WebContext with user credentials
- Authorize on the server side with [RequiresRole] attributes
- Authorize on the client side with WebContext.User.IsInRole
See the article for the full details of the above.
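The server-side steps from the list, as an added sketch that is not code from the article: the `Order` entity, `OrderDomainService`, the in-memory data and the "Admin" role name are hypothetical, and the host site is assumed to already have forms authentication and the membership and role providers configured.

```csharp
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.ServiceModel.DomainServices.Hosting;
using System.ServiceModel.DomainServices.Server;
using System.ServiceModel.DomainServices.Server.ApplicationServices;

// Hypothetical entity used only for this example.
public class Order
{
    [Key] public int Id { get; set; }
    public string Owner { get; set; }   // user name of the owning account
    public decimal Total { get; set; }
}

// Authentication service the client WebContext calls for Login/Logout;
// it delegates to the configured membership and role providers.
public class User : UserBase { }

[EnableClientAccess]
public class AuthenticationDomainService : AuthenticationBase<User> { }

[EnableClientAccess]
[RequiresAuthentication]   // every operation rejects anonymous callers
public class OrderDomainService : DomainService
{
    // Constructed sample rows standing in for a real data store.
    private static readonly List<Order> Orders = new List<Order>
    {
        new Order { Id = 1, Owner = "alice", Total = 40m },
        new Order { Id = 2, Owner = "bob",   Total = 75m },
    };

    // Filter data by identity and role: "Admin" (assumed role name)
    // sees every row, everyone else only the rows they own.
    public IQueryable<Order> GetOrders()
    {
        var user = ServiceContext.User;
        var query = Orders.AsQueryable();
        return user.IsInRole("Admin")
            ? query
            : query.Where(o => o.Owner == user.Identity.Name);
    }

    // Role check enforced on the server before the method body runs.
    [RequiresRole("Admin")]
    public void DeleteOrder(Order order)
    {
        Orders.RemoveAll(o => o.Id == order.Id);
    }
}
```

The client-side `WebContext.User.IsInRole` check only decides what the UI shows; the attributes and the query filter on the server are what actually enforce access, so every operation needs them regardless of what the client hides.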