The Sample Application

Figure B-8 shows a sample Windows Forms MDI application that uses WSLoginControl.

In its Security tab, the application requests the permissions listed in Table B-2. It requires users to log in and authenticate themselves before creating a new document window. When the user selects the File New menu item, it is handled by the OnFileNew( ) method. OnFileNew( ) demands that the user be a member of the Manager role:

     [PrincipalPermission(SecurityAction.Demand,Role = "Manager")]     void OnFileNew(object sender,EventArgs args)     {...}

Before using the application, you will need to create the users and roles in the database. You can and should use the support Visual Studio 2005 offers for managing the credentials stored in the aspnetdb database.

Create a new ASP.NET web site. When using SQL Server, add to the web site configuration file the SQL Server connection string. Select ASP.NET Configuration from the Website menu to bring up the Web Site Administration pages (see Figure B-1).

Figure B-8. The sample application

Select the Provider tab, then click the "Select a single provider for all site management data" link. Under the Provider list, click AspNetSqlProvider. Next, click the Security tab. Under Users, click "Select authentication type" and on the next page click "From the Internet". Then go back to the Security tab.

Under Roles, select "Enable roles" followed by "Create roles". Add a new role called Manager, and go back to the Security tab. Under Users, click "Create user" and provide the username and password as well as the other requested information. Make sure to check the Manager checkbox under Roles to make the new user a member of the Manager role. Click the Create User button, and you can now close Visual Studio 2005 (unless you would like to add more users and roles). Visual Studio 2005 uses a forward slash ("/") for the application name by default.

The LoginDialog Class

The sample application provides the Security menu item. When the user selects Security Log In, the application brings up the LoginDialog dialog. LoginDialog is listed in Example B-8.

Example B-8. The LoginDialog class

 partial class LoginDialog : Form {    LoginControl m_LogInControl;    bool m_Authenticated;    public LoginDialog(  )    {       Authenticated = false;       InitializeComponent(  );    }    public bool Authenticated    {       get       {          return m_Authenticated;       }       protected set       {          m_Authenticated = value;       }    }    void OnLogin(LoginControl sender,LoginEventArgs args)    {       bool successful = args.Authenticated;       if(successful == false)       {          MessageBox.Show("Invalid user name or password. Please try again",                           "Log In",MessageBoxButtons.OK,MessageBoxIcon.Hand);       }       else       {          Authenticated = true;          Close(  );       }    }    static public void Logout(  )    {       LoginControl.Logout(  );    }    static public bool IsLoggedIn    {       get       {          return LoginControl.IsLoggedIn;       }    } }

You can add the WSLoginControl to your Windows Forms toolbox and drop it on your dialogs. For the control's icon, I used the same icon as the ASP.NET Login control. All rights to icons used in this appendix belong to Microsoft.

LoginDialog is a simple dialog that contains the WSLoginControl. When you open LoginDialog in the Windows Forms Designer, you can set the WSLoginControl properties. LoginDialog sets the ApplicationName property to "/" and CacheRoles to False. The application configuration files set the UserManager web service address to http://localhost/SecurityServices/UserManager.asmx.

The OnLogin( ) method of LoginDialog subscribes to the LoginEvent event of LoginControl. In the OnLogin( ) event-handling method, LoginDialog alerts the user with a message box if the login attempt failed. If the login was successful, LoginDialog sets a public property called Authenticated to true, and closes itself. Authenticated is used by the client of LoginDialog to find out the authentication outcome. Authenticated will be false if the user closed LoginDialog without logging in. Note that Authenticated uses public get and protected set accessors, to allow clients to retrieve the value but not set it.

The Security menu of the sample application also contains a Log Out option. The implementation calls the Logout( ) static method of LoginDialog, which delegates to LoginControl.Logout( ), thereby detaching CustomPrincipal from the current thread. The sample application also uses a timer to update its status bar, which constantly informs the user of the login status. To find out whether or not the user is logged in, on every timer tick event the application checks the value of the LoginDialog.IsLoggedIn static property and updates the status bar accordingly. LoginDialog.IsLoggedIn simply delegates to LoginControl.IsLoggedIn.