Skip to main content
Home Forums Silverlight Programming Programming with .NET - General Authenticating Silverlight Users
7 replies. Latest Post by y_makram on November 26, 2007.
(0)
jono_pare
Member
2 points
2 Posts
11-25-2007 4:28 PM |
Hi, I'm brand new to Silverlight development and I wondered what mechanisms were available in the cut-down version of the .NET framework for authenticating Silverlight 1.1 users. I'd like to use the usual combination of hashes and salts to avoid passing any passwords down the wire, but I cannot see the familiar cryptography classes. Are these going to be included in later releases of Silverlight 1.1? Is there something better I should be using instead? All hints appreciated. Jono
y_makram
Contributor
6172 points
1,233 Posts
11-25-2007 4:38 PM |
According to the Silverlight Roadmap there is no plans to support cryptography http://download.microsoft.com/download/f/2/e/f2ecc2ad-c498-4538-8a2c-15eb157c00a7/SL_Map_FinalNET.png
You can resort to JavaScript implementations like this one http://pajhome.org.uk/crypt/md5/auth.html and use Silverlight C#/JavaScript interop.
geekpunk
194 points
40 Posts
11-25-2007 9:17 PM |
id hate to have to see you fall back on js for something like this.
As that you have all the power of the .ne framework, minus some goodness, I would instead generate my own md5sum function or the like in combination w/ a challenge string sent down from a web service call, or in the generated aspx. I wouldnt expect this to be built into the final bits, but generating this kind of code should be pretty light weight.
11-26-2007 3:57 AM |
Thank you both for your input. I am reluctant to use JavaScript now that Silverlight's come along: the move to a managed code plug in is - in my mind at least - a great way to avoid the cross-platform horrors that JavaScript brings as standard. That road map diagram was pretty neat, but as well as missing out on cryptography, there was nothing about X509 certificates. Are we being deprived of these too? Intellisense seemed to think there might be support for certificate based authentication, but I haven't got very far exploring it yet. Regards, Jono
11-26-2007 8:24 AM |
keep in mind silverlight, needs to be cross platform and light. My guess is msft will see this stuff as not needed for "ALL" developers, and will not add this. But again you get C# and the .net core, so build your own.
helfon
48 points
34 Posts
11-26-2007 10:34 AM |
Is Anonymous access required to be on for silverlight? Is there any way to use Windows Integrated Authentication? What about putting forms based authentication on the hosting page and then storing the user name for the silverlight control to access?
11-26-2007 2:58 PM |
no reason why you cant use any of the asp.net authentication stuff... keep in mind, silverlight is just page content. Not a replacement for an aspx or html page. My suggestion was for a solution to have the authentication happening directly in the silverlight, while ensuring the username/password were encrypted from point to point.
11-26-2007 3:08 PM |
If I have control over the host ASP page, I will definitely use ASP .NET authentication. The issue will raise when you are developing the Silverlight solution that will not depend on the host page for authentication. An example would be a mashup hosted on live streaming service that can be hosted on blogs for example, but requires user authentication, therefore it has to be done from the Silverlight application, not the host page. If the hashing algorithm doesn't come with the Silverlight release, I am sure that will be community provided implementations for hashing algorithms.