Is it secure to put the authentication for a silverlight "object" on asp.net level?

I have a silverlight application which I load inside a an asp.net website via . If I don't implement any security on the silverlight application itself - will it be secure if the user needs to authenticate on the asp.net page (in which the tag sits) only? Or is there some hack to access the silverlight application without actually accessing the website?

Short answer is No. However it's not clear what you're trying to secure. Usually the precious assets are on the server, and the silverlight client is just one possible way to access those assets. In that case the server is responsible for the ongoing security, not just the secure delivery of the XAP.

Furthermore, once the XAP is delivered it's cached on the client machine. I would expect it to be a trivial matter to relaunch that XAP without going back to the source page.