Friday, June 27, 2008

Silverlight and REST for corporate (intranet) applications

Danger Will Robinson, Silverlight 2 beta 2's WebClient implementation does not support passing integrated security credentials. I was hoping to implement a RESTful services tier for my intranet Silverlight application using Windows Integrated Security. While this does work brilliantly when using IE as a client, the Silverlight client cannot call the services. There seems to be no good workaround: I could use ASP.NET authentication services using Forms authentication against AD, but I would have to present the client with a login prompt.

FYI, the service configuration for WCF REST and integrated security is as follows:

<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="webBehavior">
<webHttp/>
<!--<enableWebScript/>-->
</behavior>
</endpointBehaviors>
</behaviors>

<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />

<bindings>
<webHttpBinding>
<binding name="integratedWebHttpBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows"/>
</security>
</binding>
</webHttpBinding>
</bindings>

<services>
<service name="AppNamespace.Service">
<endpoint address=""
behaviorConfiguration="webBehavior"
binding="webHttpBinding"
bindingConfiguration="integratedWebHttpBinding"
contract="AppNamespace.Service" />
</service>
</services>
</system.serviceModel>

No comments:

Post a Comment