Right now, someone using this application would be able to see and edit every ticket in it. While this may be okay for a small company, we need to be able to address security concerns if we’re going to use this technology to develop real-world line-of-business applications. In this chapter, you will learn about the types of authentication supported by LightSwitch. You will learn to manage roles and rights using the built-in user interface and connect the logged-in user with profile information about your users. Finally, you’ll learn how to add this data to a screen and integrate it into your application.
Let’s start out with a quick discussion about application security basics.
Authentication is the function of validating the identity of a user. This does not inherently provide the user with the ability to do anything within an application; it simply determines the user’s identity.
Authorization is the function of determining access rights to a set of resources.
To perform authorization, we first need to know the identity of the user—so these functions are typically performed together. Generally, users who are not authenticated are considered anonymous or guests and can be given limited authorization.
Authentication in LightSwitch is disabled by default. In the Solution Explorer, double-click on Properties to launch the Application Designer ...