WCF, HTTP, Security and Data Service topics for Silverlight


Our team has been watching the forums and there are a lot of questions regarding using Silverlight with WCF and data services, HTTP questions and security questions. We created some new topics and updated existing topics to better cover these areas for the Silverlight 2 release, however it would appear that most folks haven’t found these topics. Here are some links:



  • HTTP Communication and Security with Silverlight covers pretty much what the title says it does; Silverlight HTTP capabilities and security considerations.

  • Accessing Web Services in Silverlight contains links to a bunch of topics on WCF services, including more security

  • Security contains links to topics that cover application security, HTTP security and sockets security. This topics contains many of the same links you’ll find in the other two, but we wanted to make this info discoverable in one location.

  • ADO.NET Data Services contains links to topics on building Silverlight applications that communicate with ADO.NET data services.

Please take a minute to check out these topics and provide feedback to us in the form of MSDN ratings and comments.


Thanks


–Cheryl


Comments (5)

  1. Many of us have been struggling to create business-oriented (LOB) forms using Silverlight 2 and ADO.NET

  2. In this issue: Silverlight Girl, Mehdi Slaoui Andaloussi, David Anson, Cheryl, Justin Angel, Kathy Kam

  3. KellenF says:

    Thanks for the post Cheryl, I’ve posted several times on the silverlight.net forums about some of these security restrictions and I still have some concerns that I don’t feel have been addressed.

    I understand the absolute necessity for a secure platform, and I don’t feel that mistakes of the past can be used as an excuse for future applications, that said the socket restrictions in place don’t seem to make sense to me.  I would be perfectly happy with a confirmation box per connection, like the expand storage confirmation (requiring a user initiated event to show the box), to open up a socket.  This would make a DoS application infeasible.  Essentially I would like to be able to write the equivalent of an FTP client, that lives in a Silverlight application.

    If I am missing a major security hole please enlighten me, I think allowing this to happen would open up a world of application replacements, allowing clients to existing services to be developed in Silverlight.  As it is right now I have had to write a server side component that martials sockets to their destination, which limits performance and security.

    -Kellen

  4. Kellen,

    Thanks for your comment. I checked with the team responsible for the sockets implementation and there are valid security reasons for the restrictions you mention. They cannot allow users to make security decisions through prompting because they are concerned about risks to the network, not just the individual client.

    Cheryl