secure data transfer between Silverlight 4 and WCF service

Background

So after fumbling around with wsHttpBinding on my WCF services I find out that Silverlight doesnt support it!! After thinking of sending encrypted data over the wire that is decrypted on both the service and client side I figured that this might be a performance issue. Plus Im not really sure if this is the neat way to do things.

Taking for example a login page scenario for the silverlight application, I even thought that I can do the login on the aspx side and then on successful authentication I can redirect to the page that hosts the Silverlight application. The problem here is that once the xap is开发者_如何学C downloaded to the client, it can be run from a browser and thereby bypass the aspx login page altogether.

Question

What are my options if I want to transfer data securely between the silverlight client and the wcf service? I don't want any data over the wire to be useful to any potential wire sniffer or anything.

As @Shiraz suggested you can go for https transport with basicHttpBinding.

You have a variety of message level securities supported. Well it is true that basicHttpBinding doesn't support all the message level security. But it does some.

http://msdn.microsoft.com/en-us/library/ms730294.aspx summarizes all the possible choices for basicHttpBinding.

From the binding side, you don't have many choices.

You can use basichttpbinding with https.

Have a look at the answer in this thread: http://forums.silverlight.net/forums/t/13275.aspx