0

I´ve noticed that my Silverlight/WCF RIA Services application overrides local browser login/session, when i use my silverlight application in multiple tabs or multiple instances of a browser.

When i open my application in one Tab (Tab 1) and log in as "Systemadminstrator" (aka. getting access to all operations) and open an other Tab (Tab 2) to log in as "Default User" (aka. restricted access to operations), then i don´t have access to operations of "Systemadministrator" in Tab 1. I get the message "Access to operation 'xyz' denied".

I can reproduce this behavior and it isn´t browser specific. So how can i manage multiple logins to my application in a browser? Do i have to edit or extend the data that is stored in the cookie?

Background: My DomainServices are decorated with the RequiresAuthenticationAttribute and some methods on the domain services require a specific role set via RequiresRoleAttribute. I have a custom AuthenticationService and RoleProvider. Using only one Tab is no problem.

Update: I tried the solution provided in the question asp.net - session - multiple browser tabs - different sessions? setting following values in the configuration file.

<configuration>
  <system.web>
    <sessionState cookieless="true"
      regenerateExpiredSessionId="true" />
  </system.web>
</configuration>

The Urls in the 2 Tabs contain diffrent session ids but the effect is the same.

Community
  • 1
  • 1
Jehof
  • 34,674
  • 10
  • 123
  • 155
  • 1
    You are sitting on top of a ASP.NET session. I believe that this question/answer may help http://stackoverflow.com/questions/2840615/asp-net-session-multiple-browser-tabs-different-sessions – Rus Jan 25 '12 at 12:39
  • @Rus : Not bad. This seems to answer my question. I will give it a try and comeback. – Jehof Jan 25 '12 at 12:46
  • @Rus: I tried the second answer of the question, but this doesn´t change the bevahior. – Jehof Jan 25 '12 at 13:10

0 Answers0