Bryant Likes

A question came up in the Silverlight Forums about how to timeout a user when using .NET RIA Services. Since I have implemented this before I thought I would share an approach I used. There might be a better way that is more integrated with the ASP.Net security, but for now this works.

To start with, you’ll need the Sample Application that Brad Abram has been building and blogging about and you might want to read through this post on Authentication in RIA Services before going any further. Once you have that and can build/run it on your machine you can continue on.

The security in Brad’s example uses a simple membership provider that is using RIA Services FormsAuthentication since it takes a username and password to log in. For our example we will extend the FormsAuthentication and add a timeout to it. Below is my implementation of the FormsWithTimeoutAuthentication class:

namespace MyApp
{
    public class FormsWithTimeoutAuthentication : FormsAuthentication
    {
        private DispatcherTimer idleTimer;
        private int minutesIdle;
        private bool idle;
        private bool attached = false;

        public FormsWithTimeoutAuthentication()
            : this(20)
        { }

        public FormsWithTimeoutAuthentication(int idleMinutes)
        {
            IdleMinutesBeforeTimeout = idleMinutes;
            idleTimer = new DispatcherTimer();
            idleTimer.Interval = TimeSpan.FromMinutes(1);
            idleTimer.Tick += new EventHandler(idleTimer_Tick);
        }

        public int IdleMinutesBeforeTimeout
        {
            get;
            set;
        }

        protected override LoginResult EndLogin(IAsyncResult asyncResult)
        {
            var result = base.EndLogin(asyncResult);

            if (result.LoginSuccess == true)
            {
                if (!attached) AttachEvents();
                minutesIdle = 0;
                idleTimer.Start();
            }

            return result;
        }

        protected override LogoutResult EndLogout(IAsyncResult asyncResult)
        {
            idleTimer.Stop();

            return base.EndLogout(asyncResult);
        }

        private void AttachEvents()
        {
            attached = true;
            Application.Current.RootVisual.MouseMove += new MouseEventHandler(RootVisual_MouseMove);
            Application.Current.RootVisual.KeyDown += new KeyEventHandler(RootVisual_KeyDown);
        }

        private void RootVisual_KeyDown(object sender, KeyEventArgs e)
        {
            idle = false;
        }

        private void RootVisual_MouseMove(object sender, MouseEventArgs e)
        {
            idle = false;
        }

        private void idleTimer_Tick(object sender, EventArgs e)
        {
            if (idle == true)
            {
                minutesIdle += idleTimer.Interval.Minutes;
                if (minutesIdle >= IdleMinutesBeforeTimeout)
                {
                    Logout();
                }
            }
            else
            {
                minutesIdle = 0;
            }
            idle = true;
        }
    }
}

All this class does is add a timer that fires once a minute. If the user has either moved the mouse or hit a key in that minute then they stay logged in. If the user hasn’t, then a minute of idle time is added to the idle minute count until the timeout limit is reached. Once that happens the user gets logged out.

Note that the events are attached to the root visual and don’t get attached until the user logs in. This is because the Authentication is created prior to the RootVisual being set.

Simply add this code to the sample project (linked above) and then change the authentication service in the App.xaml as follows:

<Application   
  x:Class="MyApp.App"
  xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
  xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
  xmlns:app="clr-namespace:MyApp"
  xmlns:appsvc="clr-namespace:System.Windows.Ria.ApplicationServices;assembly=System.Windows.Ria"  
    >

    <Application.Resources>
        <ResourceDictionary>
            <ResourceDictionary.MergedDictionaries>
                <ResourceDictionary Source="Assets/Styles.xaml"/>
            </ResourceDictionary.MergedDictionaries>
        </ResourceDictionary>
    </Application.Resources>


    <Application.ApplicationLifetimeObjects>
        <app:RiaContext>
            <app:RiaContext.Authentication>
                <app:FormsWithTimeoutAuthentication IdleMinutesBeforeTimeout="2"/>
                <!--<appsvc:WindowsAuthentication/>-->
            </app:RiaContext.Authentication>
        </app:RiaContext>
    </Application.ApplicationLifetimeObjects>

</Application>

Here I’ve set the IdleMinutesBeforeTimeout to 2 minutes so that it is easy to test.

Once you’ve modified the application, when you run it you will get logged out after the number of minutes you specify in the timeout. There are lots of enhancements that could be made to this simple approach, but this works for most situations.

If you’re reading this then you’re on my new blog homepage at http://bryantlikes.com. I’ve wanted to move off of http://blogs.sqlxml.org for some time but every time I start to work on it I get overwhelmed by the amount of work involved. I would usually get stuck on (1) how to migrate all my content and (2) where to host it since there is a lot of content and most hosting providers give you very little SQL storage.

I looked at a lot of options and even setup Oxite on Azure by following this guide, but since I didn’t know what the monthly costs will be I decided not to take that route. Since I was recently awarded the MVP award I decided to look at some of the benefits and I found that Orcs Web offers a free hosting account to MVPs. I know Orcs has a great service so I was excited to give that a try, but I didn’t think their SQL storage would be enough for my blog. That is when I got the idea to give dasBlog a try. DasBlog stores all your data in xml files instead of using a SQL database. At first that sounds like a bad idea, but if it can support Hanselman’s blog, then surely my blog would have no problems at all. Plus it solves the SQL storage issue.

Now the harder question, how do you migrate all the content. At first I tried using the BlogML stuff to pull all my content out of Community Server, but I have a lot of content so I ended up getting lots of exceptions. I tried to hand code some solutions, but finally gave up. Then I got the idea to just take the simple route and write a custom program to read the data from my CS database and generate the XML files that dasBlog uses. So I used some Linq to SQL classes and wrote the XML using Linq to XML. It was fairly easy to do and it worked great.

The next step was to setup the redirects on the old site to point to the new site. I have all the articles redirecting and I think they all work (for the most part). I had to setup some custom redirects for some of the articles with non-standard characters in the titles, but other than that it was pretty easy. I also followed Scott’s post on canonicalize my URLs and using IIS7’s rewrite module. Orcs provides access to your IIS7’s manager remotely which works great.

I still need to migrate my articles, but I’ll get those done later today. Other than that it is a done deal. I’m very happy to be off the sqlxml.org domain which I still host at home and to be off of Community Server.

Lately, I wanted to thank Alexander Groß for the great theme which he created. I think this new blog is much easier to read and so far I’ve enjoyed the dasBlog software. I’ve even write a custom macro to put the RSS feeds on the category pages. I’m sure I’ll do some more customization down the road and post about as I go.

Hope you like the new blog!

On October 1st I was honored to receive the Microsoft Most Valuable Professional Award for Silverlight. I am very excited that I received this award and look forward to continuing my contributions to the Silverlight Community.

I wasn’t the only one to receive this honor as Tim Heuer blogged here:

As of today (01 OCT 2009) we welcome some new folks to the Silverlight group:

• Rick Barraza (@rickbarraza)– wicked interactive design/developer with kung-fu XAML skillz
• Bryant Likes (@bryantlikes)– great contributor to the Silverlight Forums helping others solve their problems!
• Corey Schuman (@cschuman)– UX design/developer in Atlanta doing a bunch of great Silverlight community work
• Davide Zordan (@davidezordan)– over the pond in Italy spreading the Silverlight love!
• Jeff Paries – Silverlight animation wizard – get his book!
• Robby Ingebretsen (@ingebretsen)– another kung-fu XAML/Blend ninja
• Ambrose Little (@ambroselittle)– co-author of Silverlight 3 Programmer Reference and the man behind Quince (no @ambrosesbeard was not awarded)
• Huijun Li – helping spread the Silverlight in China overseas!

I’m very excited to be a part of the Silverlight MVPs group and look forward to working with them all.