Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Silverlight user authentication

I am currently developing a Silverlight 3 app that needs some sort of user authentication, because the data pulled from a WCF service is user specific. Target audience is the regular Internet - so there is no AD to authenticate against.

Here are some of the questions I have concerning that situation:

  • Is there a framework or other mechanism that would support me?
  • Would you recommend authentication within the Silverlight app or via outside mechanisms like forms auth? Which is more secure?
  • What about out-of-browser support?
like image 580
Tobias Hertkorn Avatar asked Jul 12 '09 15:07

Tobias Hertkorn


People also ask

Is Silverlight a security risk?

Vulnerabilities in . NET Framework and Microsoft Silverlight Allow Code Execution (MS12-016) is a high risk vulnerability that is one of the most frequently found on networks around the world.

Why was Silverlight discontinued?

The Mono Team abandoned development of Moonlight, a free and open-source implementation of both the Silverlight 1 and 2 runtimes. Development was discontinued in 2012 due to the poor acceptance of Silverlight and the restrictions imposed by Microsoft.

Does anything still use Silverlight?

Microsoft Silverlight will reach the end of support on October 12, 2021. Silverlight development framework is currently only supported on Internet Explorer 10 and Internet Explorer 11, with support for Internet Explorer 10 ending on January 31, 2020.

What is Silverlight used for and do I need it?

Microsoft Silverlight is a free web-browser plug-in that enables interactive media experiences, rich business applications and immersive mobile apps.


1 Answers

I used ASP.NET's authentication. Just use a MembershipProvider (or implement your own). Then go to http://www.silverlightshow.net/items/Accessing-the-ASP.NET-Authentication-Profile-and-Role-Service-in-Silverlight.aspx to check out how you can expose the authentication service.

Then in your WCF service, you do the following (hosted in ASP):

public class MyWCFService : IMyWCFService 
{
        // retrieve your UserId from the MembershipProvider
        private int GetUserId()
        {
            MembershipUser user = Membership.GetUser();
            int userId = (int)user.ProviderUserKey;
            return userId;
        }

        // check if user is authenticated
        private bool IsUserAuthenticated()
        {
            return HttpContext.Current.User.Identity.IsAuthenticated;
        }

        public void Subscribe()
        {
            if (!IsUserAuthenticated())
            {
                throw new SecurityException("You must be authenticated to be able to use this service.");
            }

            int userId = GetUserId();
            DoStuff(userId);
        }
}

Hope that helps.

like image 110
R4cOOn Avatar answered Oct 02 '22 02:10

R4cOOn