Skip to main content

Latest Posts:

Silverlight + WCF + SSL + Authentication quick troubleshooter
Entry Date: Nov 2008 keywords: WCF; Hosting; Security; Silverlight; Web Services; .net framework 3.5;
Short Description:

Some days ago I had to deploy my application into SSL hosting and add Authentication.

I have compiled the issues and solutions that I found, hope that this could save you some headaches

Entry:

Playing with Silvelright is nice, but… What happens when you convince your boss to do a real development? Suddenly you find you that most of the samples that you have used runs under naïve HTTP and what’s worse they don’t care about security or authentication, even you can be months developing using your cassini under http… but normally that won’t be your real business scenario, isn’t it?

Now, don’t panic :-), It’s possible to use SSL + Authentication on Silverlight? The answer is yes, Does it support all the possible scenarios? The answer is NO.

If you want to use SSL+Auth you have to configure your services as you did on your AJAX application, they must have session enabled, and you get the context information from there (e.g. user logged in), what does this mean? Like in AJAX applications you will have to perform regular pings, or have some service authentication where you can automatically login once the session expires (there are other solutions, but seems complex to me, poor silly dude).

That’s for services, but what about making direct calls to cross domain using WebClient or HttpWebRequest plus Credentials? It is not possible to supply credentials for HTTP auth in SL2 due to limitations in NPAPI. Since this is a cross domain scenario, you would need to tunnel the request through a proxy service on the server first where they would have complete control over the request.

Another issue that you will find, is that, in some scenarios, you will need to have to WCF and IIS knowledge to config… so you will face the devil doubt, Is a Siliverhght issue, is a WCF config issue, or is a IIS issue?

In my case, after some googling and good community help I manage to get my Silverlight + SSL + Authentication up and running, below you will find a compilation of troubleshooters links that I have found in that way, hope to save you some headaches.

General Errors

Not found Error: You attempt to make a call to the service and you get a “Service Not Found” error.

  • Are IIS Web Services enabled? By default not,check it out on your IIS management console:
    WCF 

services enabled
  • Is WCF right installed / registered? You can try to reinstall it using an Ms Dos command (just make a checkpoint before doing this ;-)), or register manually our svc. extension. Check out this link and this other one
  • Right service URL: Just display the URL of your service in a text box to ensure that you are calling the right one (copy it and paste over your navigator and check that you get a valid page).
  • If you are not sure if your WCF is right configured, you can try as well to create an old asmx webservice and check if things are working for that (if asmx works, you have to check your WCF config ). :-)

Cross Domain error on Same Domain call

  • Your site is something like https://mysite.com and the service call tries to call https://www.mysite.com : This is an strange case, I found some solution, but lost the link, if you have that issue ping me and let’s see if we can find that solution :-).
  • Another pain in the neck, is go configuring your URL’s to support development and production, if you are not making cross domain calls, there is a trick to automate this (Host.Source), check out this post
  • Another issue comes when you are on HTTP and try to make a call to a service that is under HTTPS, you will need to place on the root of your IIS a policy file (bad thing if you are sharing hosting).

Failed to call SSL

  • Configure your WCF service to use SSL: (transport…), how to
  • You will need valid certificates.. there is a way to generate something for dev purposes as well.

Authentication: you must rely on ASP .net session + Authentication

  • Here you will find an auth solution using Windows Live ID:
  • About using ASP .net Membership, check out basics, roles roles and an step by step tutorial.
  • About how to configure web service to work with session:
      
        [ServiceContract(Namespace = "")]
        [AspNetCompatibilityRequirements(RequirementsMode = 
    
    AspNetCompatibilityRequirementsMode.Allowed)]
        public class MyService    
        
          
        [OperationContract]
        public EntityAccountsShared GetSharedAccountsForGivenFolder()
        {
        // Accesing HTTP Context session content
        HttpContext.Current(...)
        (...)
        }
        

Other Errors:

Hope this helps.



Page (1) Of 1