Ahhh Silverlight apps from un-trusted source... I hadn't considered that one!
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jonas Follesø Sent: Thursday, 29 May 2008 3:59 PM To: [email protected] Subject: Re: [OzSilverlight] Accessing asp.net from Silverlight Yepp - And in some cases you won't have access to the host (it can disable HTML access). For instance you don't want a Silverlight 2 ad grabbing hold of the entire HTML page, or accessing any information about the user browsing a page containing the ad. Yeah - Takes a little bit of time before you start thinking of Silverlight as a client side .NET app running in the browser. But some times that can fool you to - for instance when you wan't to grab HTTP headers, cookies etc and don't get access to do this from the browser. cheers, Jonas On Thu, May 29, 2008 at 3:53 PM, Stephen Price <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>> wrote: Thanks for the replies all. The Server/Client explanation made it all click home into place. It's easy to forget you're actually working with a fully client based app (in a browser). My boss wasn't aware, and I assumed he knew it was client based. So the issue of security of remote services isn't a new one, it looks like its a good time to get familiar with WCF and it's security. :) Right after I check out Isolated storage... You're right, it's a client and thus should not be trusted. All the standard security practices apply. I did see a post somewhere about another SL app theoretically being able to hijack the isolated storage of another SL app. I was thinking the easiest way to find out who the user is would be to ask the host app, but if you think about it, the silverlight app shouldn't trust the host as it could be anyone. cheers, Stephen On Thu, May 29, 2008 at 1:23 PM, Jordan Knight <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>> wrote: Oh also keep in mind that getting data from the host page in this way is insecure - your app may not be running where it thinks it is, and could get false information regarding authentication from a scrupulous user. I've not tested this out (spoofing to a SL app) - does anyone else have any comments on this? I guess as long as you remember that nothing on the client end is sacred you will be alright - just as long as you don't trust anything from your SL app on the server... From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>] On Behalf Of Jordan Knight Sent: Thursday, 29 May 2008 3:18 PM To: [email protected] Subject: RE: [OzSilverlight] Accessing asp.net<http://asp.net> from Silverlight Hi Stephen, You can access membership stuff from AJAX using the AuthenticationService class... http://www.asp.net/ajax/documentation/live/ClientReference/Sys.Services/AuthenticationServiceClass/default.aspx With a bit of ingenuity I'm sure you can pipe a call from Silverlight to this class to get the info you need :) Cheers, Jordan. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>] On Behalf Of Jonas Follesø Sent: Thursday, 29 May 2008 2:49 PM To: [email protected]<mailto:[email protected]> Subject: Re: [OzSilverlight] Accessing asp.net<http://asp.net> from Silverlight Hi Stephen! First off: great meeting you at REMIX! Haven't gotten around to figure out why you're having issues with the YouCard demo - Will get back with some feedback on that ASAP. Been a busy week! Second: Silverlight is a pure client side technology, and the ASP.NET<http://ASP.NET> spesific things you want to access are all server side spesific. You would have to expose a web service (REST, WCF, ASMX what ever) that you call from Silverlight to get that data back. Since the Silverlight app is running on your ASP.NET<http://ASP.NET> page any HTTP requests you make back to the server will include any authentication headers or cookies, so you should be able call the service, do the Pager.User.Identity.IsAuthenticated check, and then return true/false. BTW: Wilco Bauwer has a post on ASP.NET<http://ASP.NET> Silverlight component development at http://www.wilcob.com/wilco/News/asp-net-silverlight-component-development.aspx Cheers, Jonas :) On Thu, May 29, 2008 at 2:38 PM, Stephen Price <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>> wrote: Hey all, I'm trying to find an example of accessing Asp.Net objects on the host page from the Silverlight application. I've found some great stuff on accessing the HTML on the page (You know, set the content of a Div tag or whatever) as well as calling Silverlight methods from the HTML page using the [ScriptableMember] but I'd like to get access to things like Page.User.Identity.IsAuthenticated. Is this possible? thanks, Stephen ------------------------------------------------------------------- OzSilverlight.com - to unsubscribe from this list, send a message back to the list with 'unsubscribe' as the subject. Powered by mailenable.com<http://mailenable.com> - List managed by www.readify.net<http://www.readify.net> ------------------------------------------------------------------- OzSilverlight.com - to unsubscribe from this list, send a message back to the list with 'unsubscribe' as the subject. Powered by mailenable.com<http://mailenable.com> - List managed by www.readify.net<http://www.readify.net> ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ ------------------------------------------------------------------- OzSilverlight.com - to unsubscribe from this list, send a message back to the list with 'unsubscribe' as the subject. Powered by mailenable.com<http://mailenable.com> - List managed by www.readify.net<http://www.readify.net> ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ ------------------------------------------------------------------- OzSilverlight.com - to unsubscribe from this list, send a message back to the list with 'unsubscribe' as the subject. Powered by mailenable.com<http://mailenable.com> - List managed by www.readify.net<http://www.readify.net> ------------------------------------------------------------------- OzSilverlight.com - to unsubscribe from this list, send a message back to the list with 'unsubscribe' as the subject. Powered by mailenable.com<http://mailenable.com> - List managed by www.readify.net<http://www.readify.net> ------------------------------------------------------------------- OzSilverlight.com - to unsubscribe from this list, send a message back to the list with 'unsubscribe' as the subject. Powered by mailenable.com - List managed by www.readify.net ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ ------------------------------------------------------------------- OzSilverlight.com - to unsubscribe from this list, send a message back to the list with 'unsubscribe' as the subject. Powered by mailenable.com - List managed by www.readify.net
