Programming with .NET - General

Re: Re: Re: Re: Re: Authenticating Silverlight Users

y_makram — Mon, 26 Nov 2007 20:08:44 GMT

If I have control over the host ASP page, I will definitely use ASP .NET authentication. The issue will raise when you are developing the Silverlight solution that will not depend on the host page for authentication. An example would be a mashup hosted on live streaming service that can be hosted on blogs for example, but requires user authentication, therefore it has to be done from the Silverlight application, not the host page. If the hashing algorithm doesn't come with the Silverlight release, I am sure that will be community provided implementations for hashing algorithms.

Re: Re: Re: Re: Re: Authenticating Silverlight Users

geekpunk — Mon, 26 Nov 2007 19:58:42 GMT

no reason why you cant use any of the asp.net authentication stuff... keep in mind, silverlight is just page content. Not a replacement for an aspx or html page. My suggestion was for a solution to have the authentication happening directly in the silverlight, while ensuring the username/password were encrypted from point to point.

Re: Re: Re: Re: Authenticating Silverlight Users

helfon — Mon, 26 Nov 2007 15:34:56 GMT

Is Anonymous access required to be on for silverlight? Is there any way to use Windows Integrated Authentication? What about putting forms based authentication on the hosting page and then storing the user name for the silverlight control to access?

Re: Re: Re: Authenticating Silverlight Users

geekpunk — Mon, 26 Nov 2007 13:24:32 GMT

keep in mind silverlight, needs to be cross platform and light. My guess is msft will see this stuff as not needed for "ALL" developers, and will not add this. But again you get C# and the .net core, so build your own.

Re: Re: Authenticating Silverlight Users

jono_pare — Mon, 26 Nov 2007 08:57:37 GMT

Thank you both for your input. I am reluctant to use JavaScript now that Silverlight's come along: the move to a managed code plug in is - in my mind at least - a great way to avoid the cross-platform horrors that JavaScript brings as standard. That road map diagram was pretty neat, but as well as missing out on cryptography, there was nothing about X509 certificates. Are we being deprived of these too? Intellisense seemed to think there might be support for certificate based authentication, but I haven't got very far exploring it yet. Regards, Jono

Re: Re: Authenticating Silverlight Users

geekpunk — Mon, 26 Nov 2007 02:17:54 GMT

id hate to have to see you fall back on js for something like this.

As that you have all the power of the .ne framework, minus some goodness, I would instead generate my own md5sum function or the like in combination w/ a challenge string sent down from a web service call, or in the generated aspx. I wouldnt expect this to be built into the final bits, but generating this kind of code should be pretty light weight.

Re: Authenticating Silverlight Users

y_makram — Sun, 25 Nov 2007 21:38:29 GMT

According to the Silverlight Roadmap there is no plans to support cryptography http://download.microsoft.com/download/f/2/e/f2ecc2ad-c498-4538-8a2c-15eb157c00a7/SL_Map_FinalNET.png

You can resort to JavaScript implementations like this one http://pajhome.org.uk/crypt/md5/auth.html and use Silverlight C#/JavaScript interop.

Authenticating Silverlight Users

jono_pare — Sun, 25 Nov 2007 21:28:12 GMT

Hi, I'm brand new to Silverlight development and I wondered what mechanisms were available in the cut-down version of the .NET framework for authenticating Silverlight 1.1 users. I'd like to use the usual combination of hashes and salts to avoid passing any passwords down the wire, but I cannot see the familiar cryptography classes. Are these going to be included in later releases of Silverlight 1.1? Is there something better I should be using instead? All hints appreciated. Jono