irperez

Reputation: 1777

What are the security pitfalls in a Silverlight app communicating with a WCF service?

My company is building a medical application. We would like to utilize Silverlight 2.0/3.0. Because of HIPAA laws, security is at the top of the list and we can't make mistakes here.

What makes or doesn't make a WCF call secure in the context of using Silverlight?

Upvotes: 1

Views: 366

Answers (3)

Graeme Bradbury

Reputation: 3721

WCF Services in SL2

Network security Access Restrictions in SL2

The above are links to decent resources on Silverlight and WCF security, but Mike_G summed it up accurately: you're limited to HTTPS security.

Upvotes: 0

Glen Little

Reputation: 7128

As far as I know, if the Silverlight XAP file is served from the same web site that the web service is in, then they can share the ASP session.

In this scenario, you would authenticate the user to the web site, as usual. When they get the XAP file, its communication back to the server can use sessions, just like all normal HTTP calls would be using (passing the cookie).

If they are in different web sites, then they cannot share the session, and you'll have to do something else in the web service to verify the caller.

Upvotes: 1

Mike_G

Reputation: 16502

Since Silverlight only works with the HTTP(S) bindings of WCF, you're only as secure as HTTPS allows you to be.

Upvotes: 2
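
An added example, not code from any of the answers above: the same-site arrangement Glen Little describes (the service trusts the site's authentication cookie) combined with the HTTPS-only transport Mike_G mentions. It assumes the XAP and the service live in one ASP.NET site using forms authentication; `IPatientService`, `PatientService` and `GetPatientSummary` are hypothetical names.

```csharp
// Assumed web.config settings for this sketch:
//   <system.web>
//     <authentication mode="Forms"><forms requireSSL="true" /></authentication>
//   </system.web>
//   <system.serviceModel>
//     <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
//     <bindings><basicHttpBinding>
//       <binding name="httpsOnly"><security mode="Transport" /></binding>
//     </basicHttpBinding></bindings>
//   </system.serviceModel>
using System.ServiceModel;
using System.ServiceModel.Activation;
using System.ServiceModel.Security;
using System.Web;

[ServiceContract]
public interface IPatientService
{
    [OperationContract]
    string GetPatientSummary(int patientId);
}

// ASP.NET compatibility mode makes HttpContext (and with it the forms
// authentication cookie sent by the browser-hosted XAP) visible to WCF.
[AspNetCompatibilityRequirements(
    RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class PatientService : IPatientService
{
    public string GetPatientSummary(int patientId)
    {
        HttpContext ctx = HttpContext.Current;

        // Refuse anything that did not arrive over TLS, even if the
        // binding is later misconfigured to allow plain HTTP.
        if (ctx == null || !ctx.Request.IsSecureConnection)
            throw new SecurityAccessDeniedException("HTTPS is required.");

        // The caller must already be signed in to the hosting web site.
        if (ctx.User == null || !ctx.User.Identity.IsAuthenticated)
            throw new SecurityAccessDeniedException("Caller is not authenticated.");

        // Authentication is not authorization: a real service must also
        // check that this user may see this patient before loading data.
        string user = ctx.User.Identity.Name;
        return string.Format("Summary of patient {0} requested by {1}", patientId, user);
    }
}
```

If the XAP is served from a different site, the cookie is not sent and this check always fails, which is the case Glen Little says needs a different way to verify the caller.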
