You might like to investigate allowing anon access to the location of the XAP, and/or only securing the location that the services live...
On Wed, May 11, 2011 at 10:40 AM, Mikala Gardineros <mgardine...@gmail.com>wrote: > Hello, > > I have an intranet site (iis 7.5) that hosts a Silverlight oob > application. The site also hosts a wcf service that is used by the oob > application. > > I use Windows Authentication, primarily to lock down the wcf service, eg > <authentication mode="Windows" /> in the web.config. > > The user lifecycle is like this : > > a. First time they use their browser to navigate to the host web page. > They are prompted for Windows credentials. > > b. User clicks a button that lets them install it oob. > > c. Lets say later the user launch the oob app, I pop up a login window and > use the supplied windows credentials for subsequent wcf calls until they > shut down the app. > > This works nicely. > > However, when they launch the app I do the standard > App.Current.CheckAndDownloadUpdateAsync() to check for updates. The problem > is that it doesn't detect updates. > > The reason it doesn't detect the update is because of a "401 - > Unauthorized: Access is denied due to invalid credentials" on the xap file I > can see in Fiddler. > > This makes perfect sense, I haven't supplied any credentials so why would > IIS allow the user to access the new xap file. > > So, my question is, how can I supply credentials to > CheckAndDownloadUpdateAsync() ? Or can someone suggest an alternative? > > Thank you in advance. > > Mikala > > > _______________________________________________ > ozsilverlight mailing list > ozsilverlight@ozsilverlight.com > http://prdlxvm0001.codify.net/mailman/listinfo/ozsilverlight > >
_______________________________________________ ozsilverlight mailing list ozsilverlight@ozsilverlight.com http://prdlxvm0001.codify.net/mailman/listinfo/ozsilverlight