开发者

Silverlight 4.0 and WCF RIA Services Security

I'm recently want to develop an application for my company. I've checked the Silverlight 4.0 and WCF RIA Services. Its really amazing and I got tempted to use these services for our application. But I have a couple of questions:

  1. Is there any ways to prevent unauthorized users not to be able to connect to the service and enumerate its classes, methods or properties?
  2. How to make sure that just our client software whether it is Silverlight, WPF or Win Forms can connect to the server and not a third party app?
  3. Does WCF RIA Services su开发者_Python百科pport for NetTcp bindings for intranets?

BTW: Our application will be used globally just by the company employees and must not be available to the unauthorized users.

Thanks


  1. Yes, you can require an authorization service to authenticate each session. I highly recommend reading up on Nikhil Kothari's blog (He kind of fathered WCF RIA). He came out with a Book Club application that require authentication. http://www.nikhilk.net/RIA-Services-MIX10-Slides-Code.aspx

  2. You can't really totally require only silverlight. But, if you require an authorization service to authenticate the user, you at least know they were authorized access to the services.

  3. I'm almost certain this should work for your intranet. Someone else may have to step in and help you with the particulars. I have no experience running WCF RIA over wan. However, since it operates over standard http ports, you should be able to do it. There is nothing super special about the connection to a WCF RIA service. It is simply a WCF service.

I hope this helps!

Good luck!


Answer to third: You can configure different endpoints to work with different bindings, you could make the endpoint that is only accessible on the local network (firewall) work with NetTcp binding and other endpoints with some security binding.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜