I had the opportunity to give a talk at TechEd 2011 about integrating security roles, user names, etc. into Silverlight applications, which is always a fun experience. Because Silverlight runs in a sandbox and doesn’t have direct access to the IPrincipal or IIdentity objects, it can be challenging to work with security when using WCF services or REST APIs (WCF RIA Services actually makes it pretty easy, though). In this talk I discuss different options for securing a Silverlight application, discuss options for accessing user names and roles, and build a service that can serve up this type of information based upon Windows Authentication. I also cover how to create a SecurityManager class that can be used to call the security service asynchronously and expose user name and role data to ViewModel classes. Finally, I talk about how IIS Express can be used to work in a more “real-world” type of development environment when it comes to security.
Download the slides and code from the talk below.