Visual Basic has a long and interesting history. For developers of a certain generation (including yours truly), a flavor of BASIC was your first language. Some snobs fans of other languages claim that the syntax is awkward and outdated, but VB.NET continues to fill a niche for rapid application (and web) development, just like its non-.NET predecessor did back in the early days.

If you love using XML literals in a pinch (try that, C#!), or just plain don’t like semicolons everywhere, never fear. I write more lines of C# these days, but VB.NET holds a special place in my heart, too. That’s why I’m excited about Stormpath support for VB.NET!

What’s that, you say? You need an easy way to handle user identity management and authorization, in just a few lines of code? You’re in luck! The Stormpath .NET SDK was built from the ground up with first-class support for VB.NET in mind.

In this short guide, I’ll walk through the steps necessary to build a simple VB.NET console application that uses Stormpath for user authentication and authorization.

To follow along, create a new Visual Basic.NET console project in Visual Studio. If you’re using a Mac, check out the guide I wrote about how I turned a MacBook Pro into the ultimate Visual Studio development machine.

Getting an API Key

All API requests to Stormpath require a valid API Key and Secret. The Stormpath .NET SDK does this automatically; all you have to do is generate an API Key in the Stormpath Admin Console.

  1. If you haven’t already, register for Stormpath, and click the link in the verification email.
  2. Log in to the Stormpath Admin Console.
  3. Click Create API Key or Manage API Keys under Developer Tools on the right side of the page.
  4. Scroll down to Security Credentials and click Create API Key. This will generate your API Key and download it to your computer as an file.

We recommend you store the API Key and Secret values as environment variables, or place the downloaded file into a hidden folder in your home directory. (In a production environment, environment variables are highly preferred!)

To store the API Key and Secret as secure environment variables, open the file in a text editor and execute these commands in a terminal window (Command Prompt or PowerShell both work):

To store the file in a hidden home directory folder, execute these commands instead:

Or, in PowerShell:

Installing the .NET SDK

Use the Package Manager GUI or the console to install the Stormpath.SDK package:

All the dependent packages are pulled in for you automatically.

Creating a Client and Connecting to Stormpath

Paste this code into the Module1.vb file generated by Visual Studio:

Next, create an IClient instance and point it at the downloaded key file. You’ll reuse this object to make calls to the Stormpath API:

Note: If you followed the steps above to create secure environment variables (or placed the file into the default location of ~\.stormpath\, you can omit the call to SetApiKeyFilePath. The Client builder will check the default locations for you; specifying the file location is only necessary if you stored it elsewhere.

When you registered for Stormpath, a default application called “My Application” was created for you. You’ll need to retrieve it by making a request to the Stormpath API:

Asynchronous and Synchronous Programming in VB.NET

This tutorial uses the Awaitable asynchronous methods available in the SDK. If you’re following along, you’ll need to make a small change:

The SDK includes a synchronous API as well, if you don’t want to use Async and Await in your code. To make synchronous API calls, use the methods in the Stormpath.SDK.Sync namespace instead, and use the Synchronously helper method in LINQ queries:

Storing User Profiles

Creating a user account is straightforward:

To persist the account in Stormpath, you simply Await CreateAccountAsync (or call CreateAccount if you are using the Sync namespace):

Authenticating a User

To make a login request, call AuthenticateAccountAsync and pass the username/email and password. This method will throw a ResourceException if the login is invalid, so you can wrap it in a try/catch block:

If the login attempt is successful, the returned IAuthenticationResult instance will include a link to the authenticated account. Calling GetAccountAsync will follow the link and retrieve the account details.

Role-Based Authorization Using Groups

Stormpath models roles using Groups. To demonstrate assigning a role to Joe Stormtrooper, create some demo groups:

Once the Groups are set up, assigning a user a role is a single line of code!

When your application needs to perform an authorization check, the Groups a user belongs to can be enumerated, and your application can grant or restrict access based on which Groups are present.

As a simple example, you can print the Groups Joe belongs to:

Fine-Grained Permissions with Custom Data

If you need more granular control of a user’s permissions, you can store arbitrary key-value pairs using Custom Data.

For example, to indicate that Joe has read (but not write) access, you could store these values:

Checking the user’s permissions becomes a simple matter of getting and parsing the values you stored earlier:

Custom Data isn’t limited to storing permissions data; it can also be used to store additional user profile information, or any other schemaless data you need to persist alongside your Stormpath resources. You can store strings, booleans, and other primitive data types – up to 10MB of data per resource.

Sample Code

A working example of the code from this article is available in the vb-console-sample Github repo. A synchronous version of the demo is included, so you can see how the Stormpath.SDK.Sync namespace works.

Code on, Fellow Visual Basic Traveler!

We’ve got plenty of exciting things coming up, including rich ASP.NET support! In the meantime, if you have questions or feature requests, don’t hesitate to send us an email, or join the conversation on Github.