locked
Silverlight and Website access RRS feed

  • Question

  • Hi

    I am writing a silverlight application which gives users access to a account information and allows them to log support calls. I also want to give them access to display user manuals which were generated from madcap software (its a javascript website).

    Now I dont want the website that holds the manuals to be generally accessible on the internet, but only accessible from the silverlight app which has username/password protection. The question is how to achieve this. I can display a webpage using a iframe sitting over the top of the silverlight app, but how do I secure the webpage, and how to I access it securely

     

    Thalks

    Sunday, May 17, 2009 7:30 AM

Answers

  • to have your files protected the main part of the work is server side and not on the client. I don't know how madcap works but if you want to protect files and have the same security context they must share at least a cookie (so they probably has to be in the same domain) to avoid multiple request of credentials.

    Silverlight share the cookies with the browser so when you enter a security context silverlight also enter it.

    hth

    Monday, May 18, 2009 3:20 AM

All replies

  • You can protect your web pages using Membership API. Give it a look.

    http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx

    Silverlight ca take advantage of them because runs in the same context of the web page.

    HTH

    Sunday, May 17, 2009 10:41 AM
  • Div elements has a free htmlhost control you can use to  display an html page in a silverlight app

    http://www.divelements.co.uk/silverlight/tools.aspx

     

     

     

     

    Sunday, May 17, 2009 10:43 AM
  • Hi

    This is basically the same as an iframe sitting over the silverlight app. My primary concern is

    a. Stopping the manuals website from being unsecure. I only want it to get access from within the silverlight app

    b. Not having to have the user to enter a username/password when the manuals website comes up. They have already authenticated to get into the silverlight app

    Sunday, May 17, 2009 5:49 PM
  • Hi

    Ok. The user needs to authenticate to get into my silverlight app already (using my own code). I dont want them to have to authenticate again when they click on the manuals option

    Sunday, May 17, 2009 5:51 PM
  • Are the pages (plugin container and manuals) in the same domain?

    If you use a custom authentication model what do you use to maintain the session (cookies, url, etc)?

    can you wrap the download of the manuals in an httphandler that authenticate the user before starting to stream the file?

    HTH

    Sunday, May 17, 2009 6:00 PM
  • hmmm. Now you are beyond me. I have never used ASP.net other than the aspx page created to host the silverlight app.

    Anyway. The page we are displaying is currently contained in a htm file (not aspx) and is java script generated by madcap software. I am pretty sure I could contain this in a asp.net page given a bit of research.

    The pages will be hosted in the same domain. Currently they are hosted in different virtual web sites within the same domain/iis and could definately be in the same virtual directory.

     

    Sunday, May 17, 2009 6:16 PM
  • to have your files protected the main part of the work is server side and not on the client. I don't know how madcap works but if you want to protect files and have the same security context they must share at least a cookie (so they probably has to be in the same domain) to avoid multiple request of credentials.

    Silverlight share the cookies with the browser so when you enter a security context silverlight also enter it.

    hth

    Monday, May 18, 2009 3:20 AM