Silverlight user authentication

authentication security silverlight silverlight-3.0

I am currently developing a Silverlight 3 app that needs some sort of user authentication, because the data pulled from a WCF service is user specific. Target audience is the regular Internet – so there is no AD to authenticate against.

Here are some of the questions I have concerning that situation:

  • Is there a framework or other mechanism that would support me?
  • Would you recommend authentication within the Silverlight app or via outside mechanisms like forms auth? Which is more secure?
  • What about out-of-browser support?

Best Solution

I used ASP.NET's authentication. Just use a MembershipProvider (or implement your own). Then go to http://www.silverlightshow.net/items/Accessing-the-ASP.NET-Authentication-Profile-and-Role-Service-in-Silverlight.aspx to check out how you can expose the authentication service.

Then in your WCF service, you do the following (hosted in ASP):

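using System.Security;                 // SecurityException
using System.ServiceModel.Activation;  // AspNetCompatibilityRequirements
using System.Web;                      // HttpContext
using System.Web.Security;             // Membership, MembershipUser

// HttpContext.Current is only populated inside a WCF service when ASP.NET
// compatibility mode is enabled (aspNetCompatibilityEnabled="true" in web.config).
// "Required" makes the service refuse to start without it instead of running
// with a null context.
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class MyWCFService : IMyWCFService
{
    // Retrieve your UserId from the MembershipProvider.
    // The cast assumes a provider whose ProviderUserKey is an int.
    private int GetUserId()
    {
        MembershipUser user = Membership.GetUser();
        if (user == null)
        {
            throw new SecurityException("No membership record for the current user.");
        }
        return (int)user.ProviderUserKey;
    }

    // Check if the user is authenticated (null-safe: fails closed without a context).
    private bool IsUserAuthenticated()
    {
        HttpContext context = HttpContext.Current;
        return context != null
            && context.User != null
            && context.User.Identity.IsAuthenticated;
    }

    public void Subscribe()
    {
        if (!IsUserAuthenticated())
        {
            throw new SecurityException("You must be authenticated to be able to use this service.");
        }

        // The user id comes from the server-side session, never from a client parameter.
        int userId = GetUserId();
        DoStuff(userId);
    }
}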

Hope that helps.
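The hosting configuration that the answer's approach relies on, as an added example that is not part of the original answer or the linked article. It uses the standard ASP.NET/WCF configuration elements; the binding name `httpsOnly` is a hypothetical label, and the sketch assumes the site is served over HTTPS.

```xml
<!-- web.config fragment (added example; "httpsOnly" is a hypothetical name) -->
<configuration>
  <system.web>
    <!-- Forms authentication issues the cookie that the WCF calls carry.
         requireSSL keeps that cookie off plain-HTTP requests. -->
    <authentication mode="Forms">
      <forms requireSSL="true" cookieless="UseCookies" />
    </authentication>
  </system.web>

  <system.web.extensions>
    <scripting>
      <webServices>
        <!-- Turns on the built-in authentication service. With
             requireSSL="true" it rejects logins sent over plain HTTP. -->
        <authenticationService enabled="true" requireSSL="true" />
      </webServices>
    </scripting>
  </system.web.extensions>

  <system.serviceModel>
    <!-- Without this, HttpContext.Current is null inside WCF services,
         so an IsAuthenticated check on it cannot work. -->
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />

    <bindings>
      <basicHttpBinding>
        <!-- Transport security: credentials and cookie travel over TLS only. -->
        <binding name="httpsOnly">
          <security mode="Transport" />
        </binding>
      </basicHttpBinding>
    </bindings>

    <services>
      <!-- Endpoint for the built-in service; it is reached through an
           .svc file whose ServiceHost directive names the same class. -->
      <service name="System.Web.ApplicationServices.AuthenticationService">
        <endpoint binding="basicHttpBinding"
                  bindingConfiguration="httpsOnly"
                  contract="System.Web.ApplicationServices.AuthenticationService" />
      </service>
    </services>
  </system.serviceModel>
</configuration>
```

Your own service needs an endpoint on the same site so the browser sends the forms-authentication cookie with its calls.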