Windows Authentication check behind an Add-In button?

SteveClark · ‎06-28-2013

I have developed a couple of Add-Ins for the Viewer using Silverlight API and now I am wanting to provide authentication and authorization (single sign-on to AD) when the user clicks those buttons. I have two buttons and I want to assign two different AD roles to them. Ideally, if button1 is for roleA and button2 is for roleB and a user is in roleA, she would be able to click button1 and proceed; if not, clicking button1 would bring up an error message. What are the general steps to accomplish something like this? I can see setting up an authentication web service but does that go out and know/get the user and its roles, and how to get that information (InitParam?) back to Silverlight? I have not done any credentials in Silverlight before and don't know how to start.

Anonymous User · ‎07-02-2013

Original User: Steve Clark

Here's what I got so far. In IIS on my server, I have the app set to Windows Authentication. I also configured Local Groups and linked that to our AD groups. I then set the Authorization Rules for the app so that if you type in the url <server>/apps/MyApp, you have to be in the Local Group in order for the viewer app to come up.

Now I am trying to figure out how to code CanExecute to make a method call to IIS to check if user IsInRole (or something similar). Silverlight doesn't appear to give you many options including Context or HttpContext. I don't need to secure services, I just want to query the IIS role to see whether the Add-In button is enabled or not. How do I make that call?