RIA Services - v1 Shipped!

"Those Who Ship, Win!"

This used to be written on a giant poster in the hallways of building 42 (original home of the .net framework) ... should have taken a picture of it while it used to be around. (missed classic photo opportunity - anyone have a shot of it?)

Today, we delivered one of the most important features, shipping a v1. Yes, WCF RIA Services v1 is done, and shipped! You can get the final build along with the final build of Silverlight 4 tools, right here on the RIA Services landing page, that also has links to blogs, tweets, docs, forums and all things RIA Services.

It has been an exciting ride building this technology from the ground-up, seeing people use it live even with early preview builds, and providing tons of feedback (thanks), and bringing credibility to Silverlight as a line of business application platform. It has also been an interesting learning experience for me personally in many dimensions.

The diagram below captures the essense - what can a framework do by redfining a Rich Internet Application as a single logical application that spans across client and server, and consumes as well as provides data and services. My original Vision to Architecture blog post still holds up a year or so later. I'll be doing a follow-up to that post, as well as updating my Book Club reference app with a couple of new features, so stay tuned.

[Full post continued here...]

RIA Services Samples Project on CodePlex

RIA Services Samples Project on CodePlex: "Announcing a CodePlex project with RIA Services sample apps and extensions...
[Full post continued here...]

ToC for the Book Club RIA Services Application

Earlier this week, I published the RIA Services Essentials project on CodePlex to share some sample code. The first sample included is an updated version of the Book Club application.

This application has become sort of a reference application. It was written to demonstrate some aspects of writing a semi-real-worldish application (note that it is still very much a demo app), but more importantly, demonstrating how you can use RIA Services effectively by going beyond the basics. As such, it isn't meant to be a HelloWorld app, which I agree would be useful. This post is a sort of guide for what is in the sample.

Here is a list of what the application demonstrates:

• Entity framework data model with one-to-many and many-to-many relationships as well as use of stored procedures


• Local data model augmented/mixed with a web service-based data model (in this case Amazon).


• CRUD and more (queries, insert, update, delete, as well as named update methods, and invoke methods)


• Use of convention and configuration for identifying CRUD operations


• Validation (field level, entity level, operation level, change-set scoped, server-only validation, async validation)


• Custom authentication (i.e. using your DAL/user table, rather than asp.net membership)


• Authorization (including custom authorization rules)


• Using authentication service and your User object in server code


• Usage of DomainServiceFactory


• Exposing reference data


• Presentation model for defining custom (non-DAL) types for use between client and server


• Shared code between client and server for validation rules


• Query limits, and caching


• Using RIA Services with MVVM on the client


• Adding computed properties on Entities on the client along with propagation of change notifications


• "More" style paging (as seen for example on twitter.com)


• Display of pending changes, validation errors


• Reference data used to fill lookup dropdown lists.

[Full post continued here...]

RIA Services and Authorization

This post digs deeper into the Book Club application from the perspective of the authorization feature of RIA Services. You can check out more information about the application via its associated table of contents post.

The post covers how the out-of-box authorization rules can be applied, how custom rules that can be implemented, how custom rules can use additional bits of information in their implementation, and how client-side UI can be customized to account for authorization.

The sample application has been updated, so you might want to download the latest release of the code from the RIA Services Essentials project on CodePlex or browse the checkin history.

Authorization and validation share a lot of common concepts and patterns, so the deep dive into validation with RIA Services might be particularly interesting.

Authorization Overview

Authorization allows you to secure operations and data in your application based on the authenticated user. It essentially answers the question:

"Can X do Y [with Z]?"

where X is the user (the subject), Y is the operation (the verb), and optionally, Z is the entity being operated upon (the object). In RIA Services, each authorization rule encapsulates a specific question that you can associate your services and its operations with. These rules help create a more complete picture of the domain or application semantics that are being encapsulated within a domain service. Rules are associated with operations as metadata attributes that derive from AuthorizationAttribute.

[Full post continued here...]

Feed has moved

Feed has moved: "This feed has moved to http://feeds.pheedo.com/techtarget/tssnet/home."

RIA Services and Authentication

Authentication is the third in a series of posts covering the key concepts of RIA Services using the Book Club application to digger deeper and go beyond the basics. Links to the first two posts on validation and authorization as well as an overview of the application/source code are at the end of this post.

Authentication Overview

Like authorization, RIA Services provides a higher level programming model, and out-of-the-box, but extensible solution. Authentication answers the question:

"Do these credentials represent a valid user?"

Credentials might be user name and password, or any other piece of data that can be used to verify that the user is who he/she says they are. Generally, a side-effect of authentication is to produce a representation of the user, usually represented as an IPrincipal, as well as establishing an authenticated session for the client to use in making subsequent requests.

RIA Service defines an authentication service as a domain service that implements IAuthetication<TUser> where TUser is application's notion of a user that brings together identity, roles and settings that span across client and server.

RIA Services also provides an out-of-box implementation based on the standard asp.net membership, roles and profile infrastructure services. If you use the business application template, this is all setup for you by default. However RIA Services also lets you implement your own authentication service when you want to use your own custom credential store, or a different authentication mechanism such as OpenID.

This post covers using authentication and the User object on client and server, as well as building a custom forms authentication service that works against the application's data model.

Using Authentication on the Client

I created an inplace-LoginControl with a number of visual states (Unauthenticated, CredentialInput, Authenticating and Authenticated) as shown here.

Authentication functionality is accessed through a class called WebContext on the client. WebContext represents the functionality provided by the home web server to the client application. This is how WebContext is initialized in the application:

[Full post continued here...]

RIA Services and Authentication - Part 2 (Using Roles)

When I posted my RIA Services and Authentication post earlier in the week (which I highly recommend checking out first if you haven't), the first comments/tweets I saw indicated people also want to see roles working in the application. So I decided to add this bit of functionality, both in the Book Club application and the supporting functionality in the RIAEssentials framework, so you can use it easily in your own applications as well.

From a scenario perspective, what I am going to do is require an Admin role to browse and add book club members.

Adding and Using Roles

The first step is to update the AuthenticationService implementation I showed earlier to add roles into the authentication process. It only requires quite literally a couple of minor tweaks, th. The added lines are shown in bold:

[Full post continued here...]