How to: Enable Roles in RIA Services

WCF RIA Services

[WCF RIA Services Version 1 Service Pack 2 is compatible with either .NET framework 4 or .NET Framework 4.5, and with either Silverlight 4 or Silverlight 5.]

This topic demonstrates how to enable roles in your WCF RIA Services solution if you have previously enabled authentication. You can retrieve a user’s roles only after the user has been authenticated. To configure your solution for authentication, see How to: Enable Authentication in RIA Services. You restrict access to a domain operation to members of a role by applying the RequiresRoleAttribute attribute to the method for the domain operation.

Roles are used to specify which group of authenticated users can access certain resources. Roles in RIA Services build upon roles in ASP.NET. For more information about roles, see Understanding Role Management.

To configure the server project

  1. In the server project, open the Web.config file.

  2. In the <system.web> section, enable the manager role by adding the <roleManager> element.

    The following example shows how to enable the manager role.

      <authentication mode="Forms"></authentication>
      <roleManager enabled="true"></roleManager>
  3. In the membership database, create the required roles and assign users to the roles as needed.

    For more information, see Understanding Role Management. For an example of creating roles, see Walkthrough: Using Authentication Service with Silverlight Business Application or Walkthrough: Using Authentication Service with Silverlight Navigation Application.

  4. To restrict access to a domain operation to only members of a specified role, apply the RequiresRoleAttribute attribute to the domain operation.

    The following example specifies that only members of the Managers role can access the domain operation.

    public IQueryable<Customer> GetCustomers()
        return this.ObjectContext.Customers;

To access roles in the client project

  1. To check whether the user belongs to the required role, access the Roles property or call the IsInRole method on the WebContext.Current.User object.

    The following example checks whether the user belongs to a role named Managers before calling the domain operation.

    private void LoadRestrictedReports()
        LoadOperation<SalesOrderHeader> loadSales = context.Load(context.GetSalesOrderHeadersQuery().Take(numberOfRows));
        SalesOrdersGrid.ItemsSource = loadSales.Entities;
        SalesOrdersGrid.Visibility = System.Windows.Visibility.Visible;
        if (WebContext.Current.User.IsInRole("Managers"))
            LoadOperation<Customer> loadCustomers = context.Load(context.GetCustomersQuery().Take(numberOfRows));
            CustomersGrid.ItemsSource = loadCustomers.Entities;
            CustomersGrid.Visibility = System.Windows.Visibility.Visible;
            CustomersGrid.Visibility = System.Windows.Visibility.Collapsed;
  2. If you want to make the WebContext object available in XAML, add the current WebContext instance to the application resources in the Application.Startup event before creating the root visual.

    The following example shows how to add the WebContext instance as an application resource.

    private void Application_Startup(object sender, StartupEventArgs e)
        this.Resources.Add("WebContext", WebContext.Current);
        this.RootVisual = new MainPage();