Silverlight 4 and security framework

Question

I'm an experienced developer, but new to Silverlight, Prism, MVVM and all related stuff, and I have a need for a flexible approach regarding security in a new application I'm developing. I have this security model implemented through a custom security framework I built for WinForms (actually Visual WebGui), but I need to get some guidelines on how to implement this for Silverlight or if there is something already built that I can use.

All modules implements two interfaces, ISecurableModule and ISecuredModule. ISecurableModule is used to register modules with security repository. ISecuredModule is used to enforce security.

In my Winforms app, at startup (actually after a new install, at first start), a module is started that through reflection inspect all assemblies, looking for modules implementing ISecurableModule interface. This interface reports if a module ce be started in Add Mode, Edit Mode, View Mode or None of them (e.g. a reporting module or data fetch / filter can be open only in View mode, as no data can be changed in it, but a data entry can be open only in Add, or in Add / Edit, or in View) All this data is saved into security repository.

To define security rights, I can create security categories - that is, e.g. Inventory Operator, Inventory Supervisor, Payroll Operator, Payroll Supervisor, etc. For each category, I assign modules selected from security repository, with appropriate rights (e.g. for Inventory Operator I assign module Reception Inventory Operation or Transfer Inventory Operation with Add and View rights, and for Inventory Supervisor I assign all inventory modules with full rights)

Then I create Inventory Operator Role, and assign him the Inventory Operator Security category. I can assign several security categories to each role (because I can create security categories with a higher granularity - e.g. security category to manage own account or to manage group of users - which will be granted to supervisors, etc)

Then at runtime I have the concept of workplace (like shell in Prism) where I can load modules dynamically (really dynamically, I use ServiceLocator pattern to locate a component based on the interface it implements and then there is a controller for each class of module - modules implementing the same interface - which can use a enum field to identify which module to actually load for the time of data needed to process). The workplace controller uses a security provider which check the access rights for module to be loaded against the access rights for current user.

In my SL4 app I want to use MVVM pattern, and thus I want to have my views codeless and drive the whole functionality through ViewModel, ICommands and data binding. So I need some suggestions on how can I accomplish this sort of functionality I described into a SL4 app. I'm not particularly tied to Prism, so I will consider if there is another SL4 framework which can help me accomplish this goal.

Answer 1

You could try to protect the Silverlight application in many ways but in the end you cannot trust the client.

A couple of guidelines I use:

1. Protect the wire: use ssl to protect communication between SL and the back-end (perhaps even issue custom tokens to be able to invalidate a connection)
2. Do not rely on secrets in the Silverlight application (private keys, custom encryption methods, isolated storage) because they are easily broken
3. Put all important logic and security checks on the server.
4. Always check authorization when a receiving a (service)call; you never know who is calling unless you check.

I only use authorization on modules to reduce the download; if you are not authorized to use a module why download it?