Helsinki ReMix Silverlight 3 and .NET RIA Services


I had a great time at ReMix in HelsinkiFinland Flag

I had a chance to give the Silverlight 3 overview today and it was a lot of fun.   I used a this Silverlight 3 deck and did some fun demos:

The next session I did was on .NET RIA Services..  You can find the demo i did http://bit.ly/4tmJA3 and the full series.

Comments (4)

  1. Hi Brad!

    Nice lessons! Altough in the second one, the amount of xml (=xaml) reminds me of MOSS2007 configuration.

    One question about the code… Home.xaml.cs:

    var context = dds.DomainContext as SuperEmployeeDomainContext;

    Why is there a cast and not an implementation of generics?

    Also I would have wished a little bit more about security… About WebServices authentication… You can’t store any credentials in Silverlight application, right? And when calling WebServices, is there some kind of security token, sent every time or once? When talking about business apps there are usually some kind of LDAP/Active Directory in background.

  2. Tuomas,

    That cast is required as you can’t (at least to my knowledge) instanciate generic class from xaml. Than means for example: DomainDataService<TDataContext> is not a possibility as you can’t create it from xaml. Ofcourse you could do it from code…

    You can store the credentials on silverlight side but you have to provide somekind of mechanism for validating those credentials on the server side. Even thought Silverlight starts from a web page it runs on the users machine on a very tight sandbox enviroment. Only way to call home is trough web services, http, sockets etc.

    Brad,

    Thanks for the presentations. My colleague Justin told me you had a very interesting talk during lunch about the future of silverlight and why there is no official unit testing support in silverlight yet.

  3. Pekka, thanks for reply…

    I don’t know about Silverlight, but in Asp.net you can, the syntax is just weird, something like MyProperty="Container`1[[MyType]]"

    Anyway, I feel that casts and being-not-able-to-use-generics easily is a lack of feature in Silverlight.

    About storing credentials to Silverlight, it is a security risk: the user can get the dlls from Silverlight-client and re-engineer it with tool like .NET Reflector. Then the user sees easily any credentials and passwords stored to Silverlight-client. So it should be clear to not use Silverlight-client with some kind of generic Active Directory -account to company’s WebService.

  4. Kyle says:

    Tuomas,

    There are a lot of options for authentication in Silverlight. However, most of them involve passing credentials to the server, verifying them, and them persisting them somehow. Rarely, if ever, are the credentials stored in the Silverlight application (for the reasons you mentioned).

    An example of this is using ASP.NET FormsAuthentication to store an authentication cookie. The Silverlight app will pass credentials to a web service (over https), the service will validate them, and then it will add the cookie to the response so all subsequent requests will be able to authorize the user.

    There are a number of samples of authentication with .NET RIA Services at http://code.msdn.microsoft.com/RiaServices.