Silverlight/WCF login session

2019-07-25 15:24发布

站内问答 / C#
1627 2 6

I am working on a system with Silverlight and using WCF to call services to do all of the work on the server side.

I need to have a user log into the system, and once they are verified, all calls to the server need to contain the user info so the server can check security policies and do other operations based on the user.

What is the best way to do this? I can create some kind of a user class and send it to the server with every call, but is there a better way to do this with Silverlight and or WCF?

2条回答
爱情/是我丢掉的垃圾
2楼-- · 2019-07-25 15:36

Silverlight controls can't access session variables directly as silverlight controls are client side controls.but we can call WCF services to manage session in Silverlight.

We have to Set the session variable in the wcf service as follows.

<ServiceContract(Namespace:="")> _
<AspNetCompatibilityRequirements
(RequirementsMode:=AspNetCompatibilityRequirementsMode.Allowed)> _
Public Class PersonService
    <OperationContract()> _
    Public Sub DoWork()
        ' Add your operation implementation here
    End Sub
    ' Add more operations here and mark them with <OperationContract()>

   <OperationContract()> _
   Public Sub SetSessionVariable(ByVal Sessionkey As String)
        System.Web.HttpContext.Current.Session("Key") = Sessionkey
        System.Web.HttpContext.Current.Session.Timeout = 20
    End Sub
    <OperationContract()> _
    Public Function GetSessionVariable() As String
        Return System.Web.HttpContext.Current.Session("Key")
    End Function

End Class

By referencing the service to the silverlight application we can set the session variable in .xaml page as follows.

Dim client As Service.PersonServiceClient = New Service.PersonServiceClient()
'Calls the SetSessionVariable() and store values in the session.
client.SetSessionVariableAsync("Soumya")

We will get the session variable in the .xaml page by calling GetSessionVariable() where we want to check the session

Dim client As Service.PersonServiceClient = New Service.PersonServiceClient()
AddHandler client.GetSessionVariableCompleted, AddressOf client_GetSessionVariableCompleted
client.GetSessionVariableAsync()

Private Sub client_GetSessionVariableCompleted(ByVal sender As Object, ByVal e As GetSessionVariableCompletedEventArgs)
        Try
            If Not String.IsNullOrEmpty(e.Result) Then
                MessageBox.Show(e.Result)
            Else
                MessageBox.Show("Your session has been expired")
            End If
        Catch ex As FaultException        
        End Try
End Sub
查看更多
0人赞 添加讨论(0) 举报
乱世女痞
3楼-- · 2019-07-25 15:44

I would use standard token based approach. When you login to the server (by passing all required information through a user class as you suggested) the server will respond with a token. Every other server call will require a valid token. Server then validates that the token is still valid (it will automatically expire after some time) and that it comes from the same machine/user (you can check IP address for example).

This is probably the way I would implement that. You don't want to pass all the user information with every server call. (If you are on Intranet you might want to use impersonation or something like that.)

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)