Yepp - And in some cases you won't have access to the host (it can disable HTML access). For instance you don't want a Silverlight 2 ad grabbing hold of the entire HTML page, or accessing any information about the user browsing a page containing the ad.
Yeah - Takes a little bit of time before you start thinking of Silverlight as a client side .NET app running in the browser. But some times that can fool you to - for instance when you wan't to grab HTTP headers, cookies etc and don't get access to do this from the browser. cheers, Jonas On Thu, May 29, 2008 at 3:53 PM, Stephen Price <[EMAIL PROTECTED]> wrote: > Thanks for the replies all. The Server/Client explanation made it all click > home into place. It's easy to forget you're actually working with a fully > client based app (in a browser). My boss wasn't aware, and I assumed he knew > it was client based. > > So the issue of security of remote services isn't a new one, it looks like > its a good time to get familiar with WCF and it's security. :) > > Right after I check out Isolated storage... > > You're right, it's a client and thus should not be trusted. All the > standard security practices apply. I did see a post somewhere about another > SL app theoretically being able to hijack the isolated storage of another SL > app. I was thinking the easiest way to find out who the user is would be to > ask the host app, but if you think about it, the silverlight app shouldn't > trust the host as it could be anyone. > > cheers, > Stephen > > > On Thu, May 29, 2008 at 1:23 PM, Jordan Knight <[EMAIL PROTECTED]> > wrote: > >> Oh also keep in mind that getting data from the host page in this way is >> insecure – your app may not be running where it thinks it is, and could get >> false information regarding authentication from a scrupulous user. >> >> >> >> I've not tested this out (spoofing to a SL app) – does anyone else have >> any comments on this? >> >> >> >> I guess as long as you remember that nothing on the client end is sacred >> you will be alright – just as long as you don't trust anything from your SL >> app on the server... >> >> >> >> *From:* [EMAIL PROTECTED] [mailto: >> [EMAIL PROTECTED] *On Behalf Of *Jordan Knight >> *Sent:* Thursday, 29 May 2008 3:18 PM >> *To:* [email protected] >> *Subject:* RE: [OzSilverlight] Accessing asp.net from Silverlight >> >> >> >> Hi Stephen, >> >> >> >> You can access membership stuff from AJAX using the AuthenticationService >> class... >> http://www.asp.net/ajax/documentation/live/ClientReference/Sys.Services/AuthenticationServiceClass/default.aspx >> >> With a bit of ingenuity I'm sure you can pipe a call from Silverlight to >> this class to get the info you need J >> >> >> >> Cheers, >> >> >> >> Jordan. >> >> >> >> *From:* [EMAIL PROTECTED] [mailto: >> [EMAIL PROTECTED] *On Behalf Of *Jonas Follesø >> *Sent:* Thursday, 29 May 2008 2:49 PM >> *To:* [email protected] >> *Subject:* Re: [OzSilverlight] Accessing asp.net from Silverlight >> >> >> >> Hi Stephen! >> >> First off: great meeting you at REMIX! Haven't gotten around to figure out >> why you're having issues with the YouCard demo - Will get back with some >> feedback on that ASAP. Been a busy week! >> >> Second: Silverlight is a pure client side technology, and the ASP.NET >> spesific things you want to access are all server side spesific. You would >> have to expose a web service (REST, WCF, ASMX what ever) that you call from >> Silverlight to get that data back. >> >> Since the Silverlight app is running on your ASP.NET page any HTTP >> requests you make back to the server will include any authentication headers >> or cookies, so you should be able call the service, do the >> Pager.User.Identity.IsAuthenticated check, and then return true/false. >> >> BTW: Wilco Bauwer has a post on ASP.NET Silverlight component development >> at >> http://www.wilcob.com/wilco/News/asp-net-silverlight-component-development.aspx >> >> >> Cheers, >> Jonas :) >> >> On Thu, May 29, 2008 at 2:38 PM, Stephen Price <[EMAIL PROTECTED]> >> wrote: >> >> Hey all, >> >> I'm trying to find an example of accessing Asp.Net objects on the host >> page from the Silverlight application. >> >> I've found some great stuff on accessing the HTML on the page (You know, >> set the content of a Div tag or whatever) as well as calling Silverlight >> methods from the HTML page using the [ScriptableMember] but I'd like to get >> access to things like Page.User.Identity.IsAuthenticated. >> >> Is this possible? >> >> thanks, >> Stephen >> ------------------------------------------------------------------- >> OzSilverlight.com - to unsubscribe from this list, send a message back to >> the list with 'unsubscribe' as the subject. >> Powered by mailenable.com - List managed by www.readify.net >> >> >> ------------------------------------------------------------------- >> OzSilverlight.com - to unsubscribe from this list, send a message back to >> the list with 'unsubscribe' as the subject. >> Powered by mailenable.com - List managed by www.readify.net >> >> >> ______________________________________________________________________ >> This email has been scanned by the MessageLabs Email Security System. >> For more information please visit http://www.messagelabs.com/email >> ______________________________________________________________________ >> >> ------------------------------------------------------------------- >> OzSilverlight.com - to unsubscribe from this list, send a message back to >> the list with 'unsubscribe' as the subject. >> Powered by mailenable.com - List managed by www.readify.net >> >> ______________________________________________________________________ >> This email has been scanned by the MessageLabs Email Security System. >> For more information please visit http://www.messagelabs.com/email >> ______________________________________________________________________ >> ------------------------------------------------------------------- >> OzSilverlight.com - to unsubscribe from this list, send a message back to >> the list with 'unsubscribe' as the subject. >> Powered by mailenable.com - List managed by www.readify.net >> > > ------------------------------------------------------------------- > OzSilverlight.com - to unsubscribe from this list, send a message back to > the list with 'unsubscribe' as the subject. > Powered by mailenable.com - List managed by www.readify.net > ------------------------------------------------------------------- OzSilverlight.com - to unsubscribe from this list, send a message back to the list with 'unsubscribe' as the subject. Powered by mailenable.com - List managed by www.readify.net
