Thursday, October 16, 2008

RPS in Silverlight

first of all I'd like to say that this is going to be a bit of a rant... second, it is my opinion that RPS in general is a giant hack. it is easier to just build your own security infrastructure from the group up then use RPS in my opinion...

That being said at times this has been a requirement. As far as using RPS it is not that difficult once you get past configuration and fairly straight forward to use in Silverlight. In my case I'm currentlying working on a project that shall rename unnamed where it was a requirement to use RPS.

RPS has this thing called a ticket that we pass around to make sure a user is logged in. We had this WCF services we needed to secure as well that the Silverlight application is talking to so we needed to get the ticket up on the client Silverlight app so it can be passed on the WCF calls todo authenication with live id. So once it was working ASP side all we needed todo was seriealize the ticket by using its token or RPS Token value and passing that as a parameter into our Silverlight application.

Then on the root of the app we save this RPS Token value to be used in authentication on the WCF calls.

Great. right?

Wrong...

this all worked fine and about a week in we the ticket type in test changed. one would think ok waht did we do wrong. apparent now we had to authenticate using type 2 in stead of type 3... WT...??? Some time later it changed to 4 and now we have to use 3 again. oh but we have changed anything about around the RPS Tickets? so what is up?

granted this was also a developement system and not hitting the 'live' live id system but still and another guy I know was working on a different project and they hit the same problem. As a joke I finally added this block of code:


StringBuilder WTFErrorList = new StringBuilder();
RPSTicket MyTicket = null;
for (int x = 1; x < 11; x++)
{
try
{
MyTicket= MyAuth.Authenticate(m_RPS_AppName, rpsTicket, (uint)x, propBag); // !!! WTF???
break;
}
catch (Exception E)
{
string WTFErrorMessage = x.ToString() + " WTF Error[RPSSupport::ValidateTicket] " + E.Message;
WTFErrorList.AppendLine(WTFErrorMessage);
WTFErrorList.AppendLine("m_RPS_AppName: " + m_RPS_AppName);
WTFErrorList.AppendLine("rpsTicket: " + rpsTicket);
WTFErrorList.AppendLine("");
Debug.WriteLine(WTFErrorMessage);
}
}
MyTicket.Validate( propBag );

The down side is this will never fly in production with all the code reviews but in got me over the humpe of figuring out what ticket type to use...