30.1. Client Services

Over the course of this chapter you will be introduced to the different application services via a simple Windows Forms application. In this case it is an application called ClientServices, which you can create by selecting the Visual Basic Windows Forms Application template from the File New Project menu item. You can also add the client application services to existing applications via the Visual Studio 2008 Project Properties Designer in the same way as for a new application.

The client application services include what is often referred to as an application framework for handling security. VB.NET has for a long time had its own Windows application framework that is enabled and disabled via the Application tab on the project properties designer. This framework already includes limited support for handling user authentication, but it conflicts with the client application services. Figure 30-1 shows how you can elect to use an application-defined authentication mode so that you can use both the Windows application framework and the client application services in your application.

Figure 30.1. Figure 30-1

To begin using the client application services, you need to enable the checkbox on the Services tab of the project properties designer, as shown in Figure 30-2. The default authentication mode is to use Windows authentication. This is ideal if you are building your application to work within the confines of a single organization and you can assume that everyone has domain credentials. Selecting this option will ensure that those domain credentials are used to access the roles and settings services. Alternatively, you can elect to use Forms authentication, in which case you have full control over the mechanism that is used to authenticate users. We will return to this topic later in the chapter.

Figure 30.2. Figure 30-2

You will notice that when you enabled the client application services, an app.config file was added to your application if one did not already exist. Of particular interest is the <system.web> section, which should look similar to the following snippet:

<system.web>
    <membership defaultProvider="ClientAuthenticationMembershipProvider">
        <providers>
            <add name="ClientAuthenticationMembershipProvider"
type="System.Web.ClientServices.Providers.ClientWindowsAuthenticationMembershipProvider,
System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" serviceUri="" connectionStringName=
"DefaultConnection" credentialsProvider="" />
        </providers>
    </membership>
    <roleManager defaultProvider="ClientRoleProvider" enabled="true">
        <providers>
            <add name="ClientRoleProvider"
type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions,
Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
serviceUri="" cacheTimeout="86400" connectionStringName="DefaultConnection" />
        </providers>
    </roleManager>
</system.web>

Here you can see that providers have been defined for membership and role management. You can extend the client application services framework by building your own providers that can talk directly to a database or to some other remote credential store such as Active Directory. Essentially, all the project properties designer does is modify the app.config file to define the providers and other associated properties. In order to validate the user, you need to add some code to your application to invoke these services. You can do this via the ValidateUser method on the System.Web.Security.Membership class, as shown in the following snippet:

Private Sub Form1_Load(ByVal sender As System.Object, _
                        ByVal e As System.EventArgs) Handles MyBase.Load
    If Membership.ValidateUser(Nothing, Nothing) Then
        MessageBox.Show ("User is valid")
    Else
        MessageBox.Show("Unable to verify user, application exiting")
        Application.Exit()
        Return
    End If
End Sub

Interestingly, there is no overload of the ValidateUser method that accepts no arguments; instead, when using Windows authentication, you should use Nothing (or null in C#) for the username and password arguments. In this case, ValidateUser does little more than prime the CurrentPrincipal of the application to use the client application services to determine which roles the user belongs to. You will see later that using this method is the equivalent of logging the user into the application.

The preceding code snippet, and others throughout this chapter, may require you to import the System.Web.Security namespace into this class file. You may also need to manually add a reference to System.Web.Extensions.dll in order to resolve type references.