Silverlight user authentication


I am currently developing a Silverlight 3 app that needs some sort of user authentication, because the data pulled from a WCF service is user specific. Target audience is the regular Internet – so there is no AD to authenticate against.

Here are some of the questions I have concerning that situation:

  • Is there a framework or other mechanism that would support me?
  • Would you recommend authentication within the Silverlight app or via outside mechanisms like forms auth? Which is more secure?
  • What about out-of-browser support?

Best Solution

I used ASP.NET's authentication. Just use a MembershipProvider (or implement your own). Then go to to check out how you can expose the authentication service.

Then in your WCF service, you do the following (hosted in ASP):

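using System.Security;
using System.ServiceModel.Activation;
using System.Web;
using System.Web.Security;

// HttpContext.Current is only populated when WCF runs in ASP.NET compatibility mode.
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class MyWCFService : IMyWCFService
{
    // retrieve your UserId from the MembershipProvider
    private int GetUserId()
    {
        MembershipUser user = Membership.GetUser();
        int userId = (int)user.ProviderUserKey;
        return userId;
    }

    // check if user is authenticated
    private bool IsUserAuthenticated()
    {
        return HttpContext.Current.User.Identity.IsAuthenticated;
    }

    public void Subscribe()
    {
        if (!IsUserAuthenticated())
            throw new SecurityException("You must be authenticated to be able to use this service.");

        int userId = GetUserId();
    }
}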

Hope that helps.
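The answer refers to exposing the ASP.NET authentication service without showing the configuration. The following web.config fragment is an added example, not part of the original answer: it enables the built-in WCF authentication service over HTTPS only and turns on the ASP.NET compatibility mode that `HttpContext.Current` depends on. The binding name `authHttps` and the behavior name `authBehavior` are assumptions, as is an HTTPS-enabled site.

```xml
<!-- Added example. Also requires a file AuthenticationService.svc in the site root containing:
     <%@ ServiceHost Language="C#" Service="System.Web.ApplicationServices.AuthenticationService" %> -->
<configuration>
  <system.web>
    <!-- Forms authentication issues the ticket cookie; requireSSL keeps it off plain HTTP -->
    <authentication mode="Forms">
      <forms cookieless="UseCookies" requireSSL="true" />
    </authentication>
  </system.web>

  <system.web.extensions>
    <scripting>
      <webServices>
        <!-- Expose Login/Logout/IsLoggedIn; refuse calls that do not arrive over SSL -->
        <authenticationService enabled="true" requireSSL="true" />
      </webServices>
    </scripting>
  </system.web.extensions>

  <system.serviceModel>
    <!-- Lets WCF services see the ASP.NET pipeline (HttpContext.Current, forms cookie) -->
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
    <services>
      <service name="System.Web.ApplicationServices.AuthenticationService"
               behaviorConfiguration="authBehavior">
        <!-- Silverlight 3 clients can call basicHttpBinding endpoints -->
        <endpoint contract="System.Web.ApplicationServices.AuthenticationService"
                  binding="basicHttpBinding"
                  bindingConfiguration="authHttps"
                  bindingNamespace="http://asp.net/ApplicationServices/v200" />
      </service>
    </services>
    <bindings>
      <basicHttpBinding>
        <binding name="authHttps">
          <!-- Transport security: credentials only travel inside TLS -->
          <security mode="Transport" />
        </binding>
      </basicHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="authBehavior">
          <serviceMetadata httpsGetEnabled="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
```

Host the application's own WCF service in the same site so the forms cookie set by `Login` is sent along with its calls.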