Xander

Reputation: 9171

Secure my internet web service for Silverlight applications

I have a Silverlight application that is out of browser and resides on the client desktop. I want to make it call my web service that is on the internet.

How can I be sure that the call being made is valid and not an intruder?

In my head I want to say I can just pass a password that only the Silverlight application knows... but I am sure that will not work.

How do people typically do this sort of thing?

Upvotes: 0

Views: 91

Answers (3)

Zee

Reputation: 911

I'm not sure if I understand the question correctly, so this answer might be a bit off, and sorry if it is.

A Silverlight client call to a WCF service is validated by clientaccesspolicy.xml.

In the allow-from section of that file you set which hosting domains the Silverlight application can access the service from; access from a Silverlight application hosted on a different domain will result in a cross-domain exception. But it's probable that a malicious user can change the hosting domain information in the Silverlight client.

    <?xml version="1.0" encoding="utf-8"?>
    <access-policy>
      <cross-domain-access>
        <policy>
          <!-- SOAPAction is the request header a SOAP call to the service sends -->
          <allow-from http-request-headers="SOAPAction">
            <domain uri="http://my.domain.com"/> <!-- allowed domains -->
          </allow-from>
          <grant-to>
            <resource path="/" include-subpaths="true"/>
          </grant-to>
        </policy>
      </cross-domain-access>
    </access-policy>

Upvotes: 0

sstendal

Reputation: 3218

It depends on who you actually want to protect your web services from. I suppose that the issue here is that you don't want your user to use other applications to call your services.

A Silverlight application runs on the client's computer. Everything that the Silverlight application knows is also accessible to the end user or anyone else with access to that computer. That is, if Silverlight can call your web service, then your end user may use other tools to make the same calls as well. You can create schemes that make it difficult to do so, but it will be possible.

Upvotes: 1

Braulio

Reputation: 1728

You can use authentication with SL + the ASP.NET membership provider:

http://www.silverlightshow.net/items/Leveraging-the-ASP.NET-Membership-in-Silverlight.aspx

Good luck, Braulio

Upvotes: 0
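
What the answers above point to, authenticating the user rather than the application, sketched as an added example (not part of the original answers, and written in Python rather than ASP.NET to keep it self-contained). The account store, function names and token format are assumptions made for illustration: the only secret the client ever holds is the user's own password and a short-lived token, while the signing key stays on the server.

```python
import base64, hashlib, hmac, os, time

SERVER_KEY = os.urandom(32)  # lives only on the server, never shipped in the client
TOKEN_TTL = 900              # token lifetime in seconds (constructed value)

def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _make_user(password):
    salt = os.urandom(16)
    return salt, _hash_password(password, salt)

# Constructed sample account store, standing in for a membership database.
USERS = {"alice": _make_user("correct horse battery staple")}

def _sign(payload):
    mac = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def login(username, password, now=None):
    """Check per-user credentials; return a signed, expiring token or None."""
    now = time.time() if now is None else now
    # Unknown users still cost one hash, so timing does not reveal who exists.
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    if not hmac.compare_digest(_hash_password(password, salt), stored):
        return None
    payload = f"{username}|{int(now) + TOKEN_TTL}"
    return f"{payload}|{_sign(payload)}"

def authenticate(token, now=None):
    """Return the username a token was issued to, or None if invalid/expired."""
    now = time.time() if now is None else now
    try:
        username, expiry, sig = token.split("|")
        expires = int(expiry)
    except (AttributeError, ValueError):
        return None  # malformed token
    expected = _sign(f"{username}|{expiry}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # tampered or signed with a different key
    return username if now < expires else None

def get_orders(token, now=None):
    """A protected service operation: every call re-checks the token."""
    user = authenticate(token, now)
    if user is None:
        raise PermissionError("not authenticated")
    return f"orders for {user}"
```

Any tool that can present valid credentials can still call the service, as sstendal's answer says; what this gives the server is a verified user identity to authorize and audit against on each call.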