Xomega.Net Walkthrough Tutorial

4.2 Adding password authentication

In this section we are going to add a common Login View for our application and a service that performs user authentication by email and password. The final implementation of the authentication will depend on the specific technology we use, and we’ll describe it for each technology in the subsequent sections.

As usual, we will begin with defining the relevant things in our Xomega model. Let's open up the person.xom file, and declare a new data object called AuthenticationObject, which will serve as a data model for our login view. Since it doesn’t represent any persisted object, we will want to turn off modification tracking for it in a custom subclass, so we’ll add a customize attribute, as follows.

Next we will define a new structure "credentials" with two parameters for the email and password, which will be added to our AuthenticationObject as properties.

Notice how we use the “email” type that we defined earlier, and a "plain password" type for the password parameter, which was pre-configured in the Xomega model. Next let's add an operation "authenticate" to the person object, which will use this structure as an input argument. We also don’t want to expose it via REST or WCF APIs, since they’ll use their own standard authentication mechanism, so we’ll configure our operation to not support them, as shown below.

Even though the operation is not going to update anything in the database, we marked it with type "update", so that the Login View would be generated with a Save button and the logic to call this operation with the supplied credentials, which is pretty much what we want for the Login button. So let's go ahead, and add the actual Login View definition in the model as follows.

Let's have a look at some things that we have configured on our Login View. We will need to customize the logic for the generated view to implement the actual authentication for each specific technology in our application, so we marked it with the customize attribute. We set the child attribute to true, so that this view would not be added to the main menu by the generator. We set our AuthenticationObject as the view model for the view. We used the standard layout for the view, but we overrode it to make the fields stack up as one column instead of two, and also to set some size.

These are all the changes that we need in the model, so we can go ahead and build the model project now. Once the model build finishes, let's open the PersonServiceCustomized.cs under the generated PersonService.cs, and provide a custom implementation for the Authenticate method as shown below.

This is where we would need to hash the user supplied password using the salt that is stored in the database along with the hashed password, and compare the result with the latter. For ease of testing though, we will instead just compare it with a hardcoded word "password" for now. If the email address is not found or the password is not valid, we’ll report a critical error using the generated constant InvalidCredentials for the message that we’ve added to the Resources.resx in the .Services.Entities project.

Next, let’s open the generated AuthenticationObjectCustomized.cs in the .Client.Common project, and set it up to not track modifications, as shown below. We also set the IsNew flag to false, so that the view title would say just “Login” and not “New Login”.

With this common code we’ll have an internal operation that can authenticate a person by email and password, and a generated Login View that can collect this information and call that operation when the user clicks the Save button. Presenting the Login view and the actual authentication of the user will need to be implemented for each specific technology, as we’ll see in subsequent sections. Before that though, let’s see how you can write common platform-independent security logic in the business services and the presentation layer.

Next: 4.3 Securing business services >

	Please enable session cookies in order to register or sign in. sign in \| register
	Home Download Order Forums Blog Contact Us
Xomega Tutorials Complete Walkthrough Before you start 1. Basic search/details views 1.1 Creating Xomega solution 1.2 Importing model from DB 1.3 Adding CRUD ops and views 1.4 Building model 1.5 Running application 2. Modeling search view 2.1 Modeling results list 2.2 Field config, links 2.3 Custom result fields 2.4 Modeling search criteria 2.5 Static enumerations 2.6 Dynamic enumerations 2.7 Auto-complete 2.8 Cascading selection 2.9 Custom UI validations 3. Modeling details view 3.1 Updating child list 3.2 Read-only fields 3.3 Child data objects 3.4 Multi-value sub-object 3.5 Fields from related objects 3.6 Lookup form for selection 3.7 Custom contextual selection 3.8 Standard contextual selection 3.9 Dynamic view titles 3.10 View layout, master-details 4. Implementing security 4.1 Claims identity 4.2 Password authentication 4.3 Securing services 4.4 Securing UI objects 4.5 Blazor Server authentication 4.6 WebForms authentication 4.7 WPF authentication 4.8 WCF authentication 4.9 REST authentication 4.10 WebAssembly authentication 4.11 SPA authentication Next steps Video Tutorials MDD with Xomega.Net Building Desktop Apps Building SPA Web Apps Generating Documentation How-To Guides Environment Object Model and Database Service Model Presentation Layer Static Data and Lists of Values Design Documentation Customization and Extensibility Xomega Generators Model Enhancement Import from Database Full CRUD and Views Enumerations from Database Data Layer EF Domain Objects Entity Data Model Database Schema Database Change Script Service Layer Service Contracts Service Implementations WCF Services Configuration WCF Service Host Files Web API Controllers Presentation Layer Common Xomega Data Objects View Models REST Service Clients Label Resources WCF Client Configuration Blazor Blazor Views Syncfusion Blazor Views Web Forms ASP.NET Views WPF WPF Views TypeScript SPA SPA Views XomegaJS Data Objects TS Service Contracts TS Lookup Cache Loaders TS Enumeration Constants Static Data Lookup Cache Loaders Enumeration Constants Enumeration Data XML Enumeration Reload SQL Documentation Domain Model Design Service Model Design Static Data Design SQLXML Report Custom Generators Xomega.Net for Visual Studio Xomega Project Xomega Editor Xomega Model	4.2 Adding password authentication In this section we are going to add a common Login View for our application and a service that performs user authentication by email and password. The final implementation of the authentication will depend on the specific technology we use, and we’ll describe it for each technology in the subsequent sections. As usual, we will begin with defining the relevant things in our Xomega model. Let's open up the person.xom file, and declare a new data object called AuthenticationObject, which will serve as a data model for our login view. Since it doesn’t represent any persisted object, we will want to turn off modification tracking for it in a custom subclass, so we’ll add a customize attribute, as follows. Next we will define a new structure "credentials" with two parameters for the email and password, which will be added to our AuthenticationObject as properties. Notice how we use the “email” type that we defined earlier, and a "plain password" type for the password parameter, which was pre-configured in the Xomega model. Next let's add an operation "authenticate" to the person object, which will use this structure as an input argument. We also don’t want to expose it via REST or WCF APIs, since they’ll use their own standard authentication mechanism, so we’ll configure our operation to not support them, as shown below. Even though the operation is not going to update anything in the database, we marked it with type "update", so that the Login View would be generated with a Save button and the logic to call this operation with the supplied credentials, which is pretty much what we want for the Login button. So let's go ahead, and add the actual Login View definition in the model as follows. Let's have a look at some things that we have configured on our Login View. We will need to customize the logic for the generated view to implement the actual authentication for each specific technology in our application, so we marked it with the customize attribute. We set the child attribute to true, so that this view would not be added to the main menu by the generator. We set our AuthenticationObject as the view model for the view. We used the standard layout for the view, but we overrode it to make the fields stack up as one column instead of two, and also to set some size. These are all the changes that we need in the model, so we can go ahead and build the model project now. Once the model build finishes, let's open the PersonServiceCustomized.cs under the generated PersonService.cs, and provide a custom implementation for the Authenticate method as shown below. This is where we would need to hash the user supplied password using the salt that is stored in the database along with the hashed password, and compare the result with the latter. For ease of testing though, we will instead just compare it with a hardcoded word "password" for now. If the email address is not found or the password is not valid, we’ll report a critical error using the generated constant InvalidCredentials for the message that we’ve added to the Resources.resx in the .Services.Entities project. Next, let’s open the generated AuthenticationObjectCustomized.cs in the .Client.Common project, and set it up to not track modifications, as shown below. We also set the IsNew flag to false, so that the view title would say just “Login” and not “New Login”. With this common code we’ll have an internal operation that can authenticate a person by email and password, and a generated Login View that can collect this information and call that operation when the user clicks the Save button. Presenting the Login view and the actual authentication of the user will need to be implemented for each specific technology, as we’ll see in subsequent sections. Before that though, let’s see how you can write common platform-independent security logic in the business services and the presentation layer. Next: 4.3 Securing business services >
	Copyright © 2009-2021 Xomega.Net. All rights reserved.