Post New Web Links

Silverlight Security: Securing Your Silverlight Applications

Posted By: Posted Date: August 21, 2010 Points: 0 Category :ASP.Net

Josh Twist explains the unique challenges developers face in securing Silverlight applications. He shows where to focus your efforts, concentrating on the key aspects of authentication and authorization.

Josh Twist

MSDN Magazine May 2010

View Complete Post

More Related Resource Links

Inside Microsoft patterns & practices: Building WPF and Silverlight Applications with a Single Code

This article discusses the Project Linker tool and other techniques to create applications that target both WPF and Silverlight from a single code base.

Erwin van der Valk

MSDN Magazine August 2009

CLR Inside Out: Security In Silverlight 2

Andrew Dai of the CLR team discusses the Transparency model, which creates a strong isolation boundary between privileged and unprivileged code for Silverlight apps.

Andrew Dai

MSDN Magazine October 2008

Data Services: Create Data-Centric Web Applications With Silverlight 2

ADO.NET Data Services provide Web-accessible endpoints that allow you to filter, sort, shape, and page data without having to build that functionality yourself.

Shawn Wildermuth

MSDN Magazine September 2008

Quick Note: Create Silverlight Applications to Access SharePoint 2010 Data

In this exercise, you will learn how to create Silverlight applications to display SharePoint 2010 lists inside DataGrid controls.

Video: Consuming SharePoint 2010 Objects and Data in Silverlight Applications

This video provides an overview of how to build Silverlight applications that access SharePoint data. (Length: 3:50)

Video: Hosting Silverlight Applications in SharePoint 2010

This demonstration shows how to host a Silverlight Application in a Web Part. (Length: 4:17)

Video: Developing Silverlight Applications by Using the SharePoint 2010 Client Object Model

This demonstration shows how to use the client object model from a Silverlight application. (Length: 11:15)

Upcoming speaking engagement: ASP.NET MVC 2, Silverlight Security at New England Code Camp 14

I haven't spoke at a conference for awhile but I plan to offer several sessions at the New England Code Camp 14 that will be held at the Microsoft offices in Waltham, MA on October 2, 2010. Here are my topics: Introduction to ASP.NET MVC 2 Level: Introductory Abstract: MVC has been a big buzzword for ASP.NET developers. We'll explore what it is, what problems it solves, and how to be effective with it. This is for beginners that have had no experience with MVC but have worked with ASP.NET Web Forms...(read more)

Silverlight enabled web service security error

I tried to create a SL enabled Web Service by following the example from the Microsoft link: http://msdn.microsoft.com/en-us/library/cc197940(VS.95).aspx When I got to step 6 to test the web service that I created (View in Browser), I got the following error: Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service. My IIS is located on my local machine with Windows Integrated Authentication and Anonymous access unchecked. After checking the Anonoymous access checkbo, I still got the above error. I have read other post on the Internet that Silverlight uses BasicHttpbinding but the settings in the web.config file was created by Visual Studio 2010 (running .NET 4.0), so I didn't think I need to mess with it. The following is the section from the web.config: <system.serviceModel> <behaviors> <serviceBehaviors> <behavior name=""> <serviceMetadata httpGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="false" /> </behavior> </serviceBehaviors> </behaviors> <bindings> <customBinding> <binding name=

Why silverlight applications only require ClientAccessPolicy.xml, why web application does not?

I know that silverlight application to access cross domain WCF/ web service need clientaccesspolicy.xml(silverlight way)/crossdomain.xml(flash way).

Does web application accessing the cross domain WCF/ web service need this clientaccesspolicy.xml(silverlight way)/crossdomain.xml(flash way)?

If the answer is no , why clientaccesspolicy.xml(silverlight way)/crossdomain.xml(flash way) required only for silverlight/flash applications?

Regards,

-dillip

Security Validation / Silverlight issue?

When Security Validation is turned off on a 2010 web application, the Silverlight menus break in that web app. Why is that? I've seen it across many farms, so I know it's an issue.

Design view in VS2008 for silverlight applications

Hi,

I installed the Silverlight 3 Tools for Visual studio 2008 sp1. But after this the design view for Silverlight 3 XAML files is not shown in VS 2008. Please if anybody have some solution for this problem let me know.

Thanks in Advance!!!

Best regards,
Subalakshmi Vijayarajan.

Subalakshmi Vijayarajan.

Silverlight and WCF 'simple question' (right), involving https vs transport security

Two questions: I’m familiar with WCF and using it with Silverlight, https:, and I have a remote web server that I have a SSL / TLS certificate on.

I want to encrypt login and/or data to and from the web server. Already I can do this on localhost, using this video: http://www.silverlight.net/learn/videos/silverlight-videos/using-aspnet-secure-services-and-applications-services/

(“In this video, Tim Heuer demonstrates two important features of Silverlight and ASP.NET, using secure web services and using ASP.NET application services from within Silverlight. This demonstration walks through securing services and interacting with the ASP.NET authentication services to restrict use as well as directly interact with ASP.NET application services from within a Silverlight application.”)

Also I have reviewed this video on localhost:

Video: Create Silverlight Applications to Access SharePoint 2010 Data

Learn to create a Silverlight application that displays SharePoint 2010 lists inside DataGrid controls.

Sample: Integrating Custom Silverlight Applications with SharePoint Server 2010

Explore the code as you learn to use the SharePoint Foundation 2010 managed client object model to work with managed Microsoft Visual C# code within the context of custom Silverlight 4 applications.

Integrating Custom Silverlight Applications with SharePoint Server 2010

Learn how to use the SharePoint Foundation 2010 managed client object model to work with managed Visual C# code within the context of custom Silverlight 4 applications.

Working with User Names and Roles in Silverlight Applications

Security is a key component of applications and something that developers often struggle with to get right. How do you authenticate a user? How do you integrate roles and use them to show or hide different parts of a screen? These and other questions commonly come up as I talk with developers working on ASP.NET and Silverlight applications.

I was recently presenting a workshop on Silverlight at the DevConnections conference in Orlando and had a question from the audience on how I handle security roles in Silverlight applications. Since I had just implemented a security mechanism for a customer I gave a brief response but didn't have a sample application available to share to point people in the right direction. After the workshop was over I put together a sample application to demonstrate one potential approach for accessing user names and roles. I'll walk through the sample application in this post and highlight the key components.

The goal of the post isn't to dictate how to authenticate users since every application has unique requirements. However, I will discuss general techniques for accessing user names and working with roles to block access to views and show or hide controls.

Security Techniques

Silverlight applications can take advantage of Windows and Forms authentication techniques and can integrate user roles in


Categories:

ASP.Net	Windows Application	.NET Framework	C#	VB.Net	ADO.Net
Sql Server	SharePoint	Silverlight	Others	All