1. Nice example on how to secure a silverlight app using custom username/password mechanism.

    However, what security does the binary message encoding provide? If I’m a rogue application I can still try to figure out the binary encoding and hack the application. In my opinion this is a case of security through obscurity.


  2. Hi Willem,

    The binary encoding itself doesn’t provide any security, just the encoding. In above example the security with the binaryEncoding comes from the
    element. This authenticationMode forces that the messages travel over a secure transport because the credentials are a unencrypted part of the messages, hence the
    element. A normal element isn’t allowed. So binaryEncoding itself, doesn’t provide security, but the other elements in the custom binding do.

    Alex van Beek

  3. Hi Alex,

    I see and I’m glad Microsoft limited the use of that security setting to be used only with a https transport. This saves developers a lot of trouble and I’m pretty sure architects and reviewers will be pleased with this topo 😉

    In my opinion the binary message encoding provides other advantages that developers like. Mainly because it saves you precious time to get the request to the server and a response back to the silverlight client, because the messages send and received are a lot smaller.


  4. Thanks, that’s a realy nice example…


  5. Thanks Calabonga………

    Alex van Beek

  6. I Get the following error when i run my WCF service

    Could not load type ‘MyValidator’ from assembly ‘BasicSSLWcf’.


  7. Maybe you forgot to mark the MyValidator class as public? Also, try to put the MyValidator class in it’s own library project and see if that works…..

    Alex van Beek

  8. Great article!
    I need to open an ASPX page from my Silverlight app in a new browser window. In the code behind page I have to check the username / password. Do you have any suggestions how to to share the username / password?

    Michel Metselaar

  9. Thank you!

    This is real nice posts

    Silverlight Hosting

Comments are closed.