0

I have a silverlight app that connects to a entity framework over WCF ria service.

These calls have to be secure. What can I do so only valid users can call the ria service, and to make the call secure?

The user has to log in to get to the silverlight app, so maybe that login in some way can be saved for authentication of the ria calls?

gnat
  • 21,442
  • 29
  • 112
  • 288
user1741807
  • 138
  • 1
  • 8

1 Answers1

1

There are two things you need to do:

  1. As you have correctly identified you can use the fact that the user has logged in to authenticate the RIA Service calls. You can either do this on a call by call basis or arrange you code so that you can only make the RIA Service calls if the user is logged in.

    You can use the ASP.NET membership database code to do this so you don't have to roll your own security code. You can limit the length of time the login is valid for, have some sort of idle checking to make sure you log out any inactive users etc.

  2. Connect to the web site via a https connection. In and of itself this doesn't make the connection secure, but does give an extra layer of protection when you do log in.

Community
  • 1
ChrisF
  • 38,878
  • 11
  • 125
  • 168
  • So if i use the [requiresauthentication] on the methods, will it only be posible to call the methods if I am logged in, or how does it works? – user1741807 Feb 12 '13 at 04:17
  • @user1741807 Store the fact that the user has logged in in a session variable (for example) and only allow calls if that variable is set. – ChrisF Apr 12 '13 at 22:30