Scott,
On point 3, why would that matter? Even if you fake the response and "trick"
your Silverlight app (which would be easy, just download the XAP, unzip it,
and have it talk to a different end-point), your XAML shouldn't really
contain any "secret" information anyway. Your users are not part of your
markup, that's just data. That information should be sent to the user in an
authenticated WCF call.... So even if you manage to enable the "show all
user" screen, your service should re-validate on the server side before
giving you that data.

But there might be cases where what you describe makes a lot of sense. And
partial loading of XAPs is quite interesting stuff - could be useful for
things like composite Silverlight applications, where you download modules
as needed.




On Thu, Sep 18, 2008 at 5:19 PM, Scott Barnes <[EMAIL PROTECTED]> wrote:

> Hi Ross! (long time no speak) :)
>
>
>
> 1)      You have a number of options, essentially the easiest way is to
> tap into the Windows Communication Foundation services and utilize this
> option. It's essentially sending data over the wire in XML format,
> Silverlight has great hooks already built in to handle these type of
> requests. We're also looking to do more here to make things more seamless in
> upcoming versions. I can't say more than that, but it will get a lot easier
> in the long term.
>
> 2)      That's the intent going forward. We see a great deal of positive
> power with using LINQ inside Silverlight and WPF. It's almost safe to say
> out loud to think of LINQ as your Data Passport between client and
> server. There will be more expansion on this in the future as well.
>
> 3)      Security will remain similar or if not the same as ASP.NET today.
> The difference is on the client, you essentially need to architect in such a
> way that the initial "first ask" is defining who the person is and what
> their session may look like. From there, it's a case of
> "CanIHaveAccessTo(args)" style security access (given you're in a
> non-Refresh situation – assuming this is a 100% Silverlight App by the way).
> Now, the danger here is if not architected correctly is that you can fake
> the "true/false" responses, so the further piece to this is to maybe
> consider using XAML over the wire. In that "can I have access to
> ViewAllUsrProfiles?, If the answer is true, you essentially trigger a .xap
> download or you load .XAML remotely, via an ASP.NET page (pushing the
> content). As this will also be a secondary check to make sure they did
> indeed have positive response to the question"
>
> 4)      Could you expand on the Binary Formatter? I.e. what do you have in
> mind?
>
> 5)      We're working on smarter ways to go between Client and Server, but
> can't say much just yet on what that will look like. We're still actively
> planning features and so feel free to expand on what you're thinking here as
> I'm more than happy to walk this into the next planning meeting and discuss
> with the team.
>
>
>
> P.S
>
> I'll be back home in Brisbane (currently Belinda and I are living in
> Seattle now) around XMAS time. So if you're still stuck around then, I'm
> sure we can find an E&Y event to meet up at and discuss in depth over a beer
> or two. Failing that, feel free to contact me offline to discuss in depth
> should the above not be enough (same goes for anyone on this list btw).
>
>
>
> *--*
>
> *Scott Barnes *
> (Rich Platforms Product Manager)
>
> Microsoft Corp. <http://www.microsoft.com/> | *Blog:*
> http://blogs.msdn.com/msmossyblog | *Mobile:* + 1 (425) 802-9503 (*New*!)
>
> *Twitter*: twitter.com/mossyblog | *MSN*: [EMAIL PROTECTED]
>
> *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] *On Behalf Of* Ross McKinnon
> *Sent:* Wednesday, September 17, 2008 7:20 PM
> *To:* [email protected]
> *Subject:* [OzSilverlight] A couple of questions
>
>
>
> Hi all,
>
>
>
> I am the CIO of Michael Hill Jeweller which is an international (US,
> Canada, New Zealand, Australia) jewellery retail chain whose global head
> office is based in Brisbane and we are in the process of replacing our
> global website. The executive here are very excited by the opportunities
> presented by silverlight and we will be developing the new site using this
> technology and are trying to release it as soon as possible.
>
>
>
> I did have a couple of questions which I have posed to Microsoft, but they
> have been unable to answer and most of them are directed towards my
> personally perceived weaknesses of silverlight and I was hoping that someone
> would be able to point out how they can be achieved. Hopefully our
> workarounds are not the suggested best practice.
>
> 1) What is the best way of persisting user identity through multiple
> silverlight pages?
>
> 2) It appears to me that linq to SQL entities seem to lose the ability to
> maintain state (ie know what is changed) after passing through a wcf call
> and silverlight treats it like a normal class. Is that the case and if so,
> is that going to be changed?
>
> 3) What is the best practice for integrating security and sessions between
> asp.net / silverlight / wcf?
>
> 4) Are there plans for a binary formatter in the silverlight framework?
>
> 5) I have been overlaying silverlight pages over aspx with master and
> content pages. The largest issue with that is being able to pass information
> between your master and content pages (easily achievable in aspx), but are
> there any plans to implement a method to easily pass information between SL
> pages on the client (usually user specific information), other than at
> creation of the page.
>
> Thanks for any help in advance,
>
> Ross.
>
> 18/9/2008   Ross McKinnon     [email protected]
>
> -------------------------------------------------------------------
> OzSilverlight.com - to unsubscribe from this list, send a message back to
> the list with 'unsubscribe' as the subject.
> Powered by mailenable.com - List managed by www.readify.net
>
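
The point made in the reply at the top of this thread (the service re-validates on the server before returning data, because the client's true/false answer can be faked), as an added example that is not part of the original e-mails or any participant's code. It assumes a WCF service hosted in ASP.NET compatibility mode with ASP.NET authentication and roles; the service name, role name and `LoadProfiles` helper are hypothetical.

```csharp
using System.Collections.Generic;
using System.ServiceModel;
using System.ServiceModel.Activation;
using System.Web;

[ServiceContract]
public interface IUserAdminService
{
    // UI hint only: lets the Silverlight client decide whether to show a screen.
    [OperationContract]
    bool CanIHaveAccessTo(string feature);

    // The data call: this is where access is actually enforced.
    [OperationContract]
    List<string> GetAllUserProfiles();
}

// Compatibility mode makes the ASP.NET-authenticated principal available
// through HttpContext.Current inside the WCF operation.
[AspNetCompatibilityRequirements(
    RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class UserAdminService : IUserAdminService
{
    private const string AdminRole = "UserAdmins"; // hypothetical role name

    private static bool CallerIsAdmin()
    {
        var user = HttpContext.Current.User;
        return user != null
            && user.Identity.IsAuthenticated
            && user.IsInRole(AdminRole);
    }

    public bool CanIHaveAccessTo(string feature)
    {
        // A tampered client can ignore or replace this answer, so nothing
        // sensitive may depend on it.
        return feature == "ViewAllUsrProfiles" && CallerIsAdmin();
    }

    public List<string> GetAllUserProfiles()
    {
        // Same check again, server-side, on every request for the data.
        if (!CallerIsAdmin())
            throw new FaultException("Access denied.");
        return LoadProfiles();
    }

    // Hypothetical data access; returns constructed sample values.
    private static List<string> LoadProfiles()
    {
        return new List<string> { "constructed-user-1", "constructed-user-2" };
    }
}
```

A client that forces the "show all users" screen open still receives a fault instead of profile data, because the role check runs inside `GetAllUserProfiles` itself.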


