Comments on: RIA security 101: Logins, web services, usernames and passwords

By: Anonymous

Anonymous — Thu, 24 Nov 2011 09:27:46 +0000

using web service i want to login form for asp.net

By: The Data Authenticity of Geo-Social Networks. | The Refined Geek

The Data Authenticity of Geo-Social Networks. | The Refined Geek — Wed, 18 Aug 2010 02:02:01 +0000

[...] been completely lost if I hadn’t stumbled upon Tim Greenfield’s blog, specifically this postwhich outlined the core ideas for implementing a secure login system that uses RIA services. After [...]

By: Gabor

Gabor — Tue, 03 Mar 2009 21:56:23 +0000

Does the same method works, when I want to access ADO.net data services from within SL2?
I.e. can I use the HttpContext.Current.User.Identity in ADO.net ds, or I have to send the auth. cookie explicitly to ADO.net ds in webrequest header?

By: esh

esh — Tue, 24 Feb 2009 21:21:08 +0000

I have switched to using Asp.Net login form (instead of Silverlight form), which stores user in Asp.Net session and redirects user to Silverlight Application web page (which is accessible only by already authenticated user). I guess that it is also safe enough approach.
In this way, login information can be preserved even on Cltr + F5 (full browser refresh).

By: John Papa

John Papa — Tue, 06 Jan 2009 14:13:23 +0000

That’s awesome Tim! I’ve used this myself and its a very nice feature. I am probably going to discuss it in an upcoming MSDN Mag Data Points article.

By: Tim Greenfield

Tim Greenfield — Tue, 06 Jan 2009 06:00:26 +0000

Thanks for the addition John, I’ve added a note to this posting about this third option for ASP.NET users as well as some source code to demonstrate how to use it.

By: Security and Silverlight : JohnPapa.net

Security and Silverlight : JohnPapa.net — Mon, 29 Dec 2008 19:41:57 +0000

[...] was reading a post by Tim Greenfield today regarding RIA and security. He also followed this up with a nice post on how to implement one of his techniques using [...]

By: Security and Silverlight : JohnPapa.net

Security and Silverlight : JohnPapa.net — Mon, 29 Dec 2008 18:55:28 +0000

[...] was reading a post by Tim Greenfield today regarding RIA and security. Taking this from the Silverlight RIA perspective this has some interesting turns. His scenarios [...]

By: John Papa

John Papa — Mon, 29 Dec 2008 18:43:41 +0000

Interesting post. Security is often an afterthought especially since so many are new to RIA. If you use IIS with ASP.NET another option is to use Forms Authentication. The Silverlight client can log in to the Forms Auth provider, passing the credentials once at login. The Forms Auth provider sends back an acknowledgement and is then set up for any repeat visits by the same user. When server calls are made, code can be written server side to intercept all calls and first make sure the user is indeed authenticated. This technique builds on Forms Auth and removes the need to create your own token technique.

By: RIA security 102: Using ASP.NET session state to authenticate web service calls « Programmer Payback

Mon, 29 Dec 2008 07:34:45 +0000

[...] 29, 2008 by Tim Greenfield In part 1 (RIA security 101: Logins, web services, usernames and passwords), I discuss the importance of security in RIAs (Rich Internet Applications) and set the ground [...]