TipsDotnet - HowTo: Use Message Credentials to Secure a Service for Silverlight Applications

“Dotnet tips, SQL Server tips, Silverlight tips, AJAX tips...”

Read Experts reviews and compare prices to find the right desktop or laptop for you from the huge collection.

HowTo: Use Message Credentials to Secure a Service for Silverlight Applications

Entry Date:		Rate:
Site:
Keywords:
RSS Description:	This topic describes how to use message credentials to secure access to services that are intended to be used from Silverlight version 3 applications. Many authentication methods, such as cookie-based ASP.NET forms authentication or Windows authentication, rely on the Web browser to automatically inject authentication information into each message. This is convenient, because it requires little or no specific Silverlight code, and it enables a single login to both a Silverlight application and the HTML page that hosts it. However, browser-based authentication is typically not secure for cross-domain access. If you secure a service using a browser-based technique, and publish a cross-domain policy file that allows access from domains that you do not control, you are exposing the service to cross-domain attacks. Thus, a different mechanism is required to secure services that are to be accessed in a cross-domain fashion. The message credentials feature provides just such a mechanism for SOAP services.
Comments:	nice Silverlight 3 enhancement, custom security not browser dependant. The article guides you and indicates you when you should use this approach (e.g. crossdomain calls).