Thanks for the reply; I found the articles to be very informative. However, all of these articles focus on enforcing the authentication before the user is allowed to access the system. One briefly mentions allowing the user access to the software before authentication without much elaboration.
I'd like to have the potential for Anonymous users for this release of Genesis. My idea is that I can provide a working surface similar to www.Google.com/ig, SharePoint or DotNetNuke. Anonymous users should have access to the system, and depending on the developer's implementation of his/her application, there could be public modules, or none at all.
I have no intention of writing a Content Management System; however, PRISM, with dynamic module loading and IOC, lends itself so nicely to the idea. Users are already used to being able to drag and drop their own "modules" to where they like to use them on a screen layout that they are comfortable with. I'd like to be able to provide some level of user-personalization support in this version of Genesis.
If you have a look at the standard Silverlight Business/Navigation applications, users have anonymous access until they click on the Login link, whereafter the application is aware of who the user is. This implementation has no real intelligence as to what screens to show/hide based on authentication. Custom code has to be written on each screen to prevent unauthorized access. If the developer chooses to apply Role requirements to the RIA services, he/she still has to write code to prevent an unauthorized user from accessing a view that would call the RIA method. If they did not, an ugly exception is shown to the user, in most cases not even telling the user what he/she did wrong.
I am also not looking for a de facto implementation of said security system; I am really asking for some ideas from the community at this point in time. I have been playing with the security in Genesis for the last two weeks and I feel that I'm just not being creative enough, i.e., today I was thinking of running two bootstrappers, one for authentication and then the main application one. However, all of my thinking keeps along the lines of sign-in-first.
I have to take into account that www.google.com/ig allows no customization until the user has been authenticated; however, SharePoint and DotNetNuke allow for anonymous access. Facebook is useless until you've signed in, and Twitter allows you to read the public tweets. My problem is that I don't know what applications I, or anybody else using Genesis, will develop on the framework. I cannot enforce a model; it has to be flexible to allow the developer to choose how he/she wants the application to behave.
Any feedback is appreciated.