locked
Silverlight 4 Security with WCF RRS feed

  • Question

  • Hello,

    I have a Silverlight 4 application that uses a lot of WCF services that I now need to secure.  I am currently using the stock domain service (AuthenticationService) to log my users in to my Silverlight app using the ASP.NET Security features, but I am willing to change this if it makes sense. 

    Here is what I would like to do:

    • Provide an easy way for my users (and my admins) to change user passwords and other details
    • Only allow logged in users to call WCF services
    • Some WCF services should only be called by system administrators (role-based security?) 

    Again, I am using Silverlight enabled WCF services here, not domain services.  Is it possible to use forms based authentication (using AuthenticatoinSerivce), and pass the role and/or user information to my WCF services?  It looks like AuthenticationService has everything I need to manage my user’s accounts – including an easy way to allow them to change their own passwords.  However, is this type of security compatible with WCF Services?  And if so, how do I pass the logged in user info to the service?  Will the service need to then re-validate the credentials, or is there something that can be done at the service level  for this?

    Or, should I create all of this from scratch on a new service?  Any help is greatly appreciated. 

    Thanks!

    Friday, February 18, 2011 11:14 PM

Answers

All replies