MSDN Magazine - September 2008 - (Page 57) public DateTime GetTime() { CheckIdentity(); } } The CheckIdentity function is an arbitrary function that reads the identity of the user as propagated by the authentication cookie and resolved by the ASP.NET pipeline: private void CheckIdentity() { string user = HttpContext.Current.User.Identity.Name; if (AuthenticationHelper.VerifyUser(user)) return; throw new InvalidOperationException("Invalid credentials"); } Silverlight Applications in No-Time In this case, CheckIdentity is designed to throw an exception if no user name is available or if the user name is not in the list of authorized users. You can also change the implementation to make the method return a Boolean value and let the service method decide what to do. With this design in place, any outsider making a call to the service without passing through the login page will send an HTTP packet devoid of the authentication cookie. As a result, the User object in the HTTP context is null and CheckIdentity throws an exception. How secure is this approach? It is as secure as forms authentication itself, which is one of the pillars of the ASP.NET platform. The outsider has just one way to succeed: by stealing an authentication cookie and using it before it expires. ASMX and WCF services take advantage of the information stored in the ASP.NET HTTP context. What about REST services in the AJAX service layer? If you implement a REST service using the WCF Web programming model in the Microsoft® .NET Framework 3.5, then you are covered by WCF compatibility mode. However, if you create a custom service by simply calling a URL and having it return plain old XML or JSON (JavaScript Object Notation) data, then the service endpoint is merely an ASP.NET endpoint and it has full access to the HTTP context. Design by Drag & Drop Over 60 controls “out of the box” Rapidly Develop Outlook like App. in a month Line of Business UI Such as charts Wrapping It Up Services in the AJAX service layer can be secured as discussed here regardless of the client platform, be it ASP.NET AJAX or Silverlight 2. The AJAX service layer includes all public endpoints that a rich Web client needs to invoke to accomplish its tasks. These services play an essential role in the life of the application, yet they are public endpoints. As such, they can also be invoked by outsiders, creating an inherent security hazard. To protect these services, you can force users to pass through a login page so that an ASP.NET authentication cookie is attached to the request and moved around with subsequent requests. The cookie allows you to differentiate between legitimate users and outsiders. You can’t avoid public endpoints, but you need a way to recognize authorized users and keep others off your site. DINO ESPOSITO is an architect at IDesign and also the author of Programming ASP.NET 3.5 Core References. Based in Italy, Dino is a frequent speaker at industry events worldwide. You can join his blog at weblogs.asp.net/despos. msdnmagazine.com Minority Report Like UI Enhance user experience & productivity Silverlight or DHTML Develop once deploy side by side Free Download Live Demo www.VisualWebGui.com/Silverlight http://www.VisualWebGui.com/Silverlight http://www.VisualWebGui.com/Silverlight http://weblogs.asp.net/despos http://msdnmagazine.com
Table of Contents Feed for the Digital Edition of MSDN Magazine - September 2008 MSDN Magazine - September 2008 Contents Toolbox CLR Inside Out Data Points Advanced Basics Office Space Cutting Edge Hierarchy ID New Features for Microsoft SQL Server 2008 Prism Data Services Advanced WPF Test Run Security Briefs Foundations { End Bracket } MSDN Magazine - September 2008 MSDN Magazine - September 2008 - (Page Intro) MSDN Magazine - September 2008 - Contents (Page Cover1) MSDN Magazine - September 2008 - Contents (Page Cover2) MSDN Magazine - September 2008 - Contents (Page 1) MSDN Magazine - September 2008 - Contents (Page 2) MSDN Magazine - September 2008 - Contents (Page 3) MSDN Magazine - September 2008 - Contents (Page 4) MSDN Magazine - September 2008 - Contents (Page 5) MSDN Magazine - September 2008 - Contents (Page 6) MSDN Magazine - September 2008 - Contents (Page 7) MSDN Magazine - September 2008 - Contents (Page 8) MSDN Magazine - September 2008 - Contents (Page 9) MSDN Magazine - September 2008 - Contents (Page 10) MSDN Magazine - September 2008 - Toolbox (Page 11) MSDN Magazine - September 2008 - Toolbox (Page 12) MSDN Magazine - September 2008 - Toolbox (Page 13) MSDN Magazine - September 2008 - Toolbox (Page 14) MSDN Magazine - September 2008 - Toolbox (Page 15) MSDN Magazine - September 2008 - Toolbox (Page 16) MSDN Magazine - September 2008 - Toolbox (Page 17) MSDN Magazine - September 2008 - Toolbox (Page 18) MSDN Magazine - September 2008 - CLR Inside Out (Page 19) MSDN Magazine - September 2008 - CLR Inside Out (Page 20) MSDN Magazine - September 2008 - CLR Inside Out (Page 21) MSDN Magazine - September 2008 - CLR Inside Out (Page 22) MSDN Magazine - September 2008 - CLR Inside Out (Page 23) MSDN Magazine - September 2008 - CLR Inside Out (Page 24) MSDN Magazine - September 2008 - CLR Inside Out (Page 25) MSDN Magazine - September 2008 - CLR Inside Out (Page 26) MSDN Magazine - September 2008 - Data Points (Page 27) MSDN Magazine - September 2008 - Data Points (Page 28) MSDN Magazine - September 2008 - Data Points (Page 29) MSDN Magazine - September 2008 - Data Points (Page 30) MSDN Magazine - September 2008 - Data Points (Page 31) MSDN Magazine - September 2008 - Data Points (Page 32) MSDN Magazine - September 2008 - Data Points (Page 33) MSDN Magazine - September 2008 - Data Points (Page 34) MSDN Magazine - September 2008 - Advanced Basics (Page 35) MSDN Magazine - September 2008 - Advanced Basics (Page 36) MSDN Magazine - September 2008 - Advanced Basics (Page 37) MSDN Magazine - September 2008 - Advanced Basics (Page 38) MSDN Magazine - September 2008 - Advanced Basics (Page 39) MSDN Magazine - September 2008 - Advanced Basics (Page 40) MSDN Magazine - September 2008 - Advanced Basics (Page 41) MSDN Magazine - September 2008 - Advanced Basics (Page 42) MSDN Magazine - September 2008 - Advanced Basics (Page 43) MSDN Magazine - September 2008 - Advanced Basics (Page 44) MSDN Magazine - September 2008 - Office Space (Page 45) MSDN Magazine - September 2008 - Office Space (Page 46) MSDN Magazine - September 2008 - Office Space (Page 47) MSDN Magazine - September 2008 - Office Space (Page 48) MSDN Magazine - September 2008 - Office Space (Page 49) MSDN Magazine - September 2008 - Office Space (Page 50) MSDN Magazine - September 2008 - Office Space (Page 51) MSDN Magazine - September 2008 - Office Space (Page 52) MSDN Magazine - September 2008 - Cutting Edge (Page 53) MSDN Magazine - September 2008 - Cutting Edge (Page 54) MSDN Magazine - September 2008 - Cutting Edge (Page 55) MSDN Magazine - September 2008 - Cutting Edge (Page 56) MSDN Magazine - September 2008 - Cutting Edge (Page 57) MSDN Magazine - September 2008 - New Features for Microsoft SQL Server 2008 (Page 58) MSDN Magazine - September 2008 - New Features for Microsoft SQL Server 2008 (Page 59) MSDN Magazine - September 2008 - New Features for Microsoft SQL Server 2008 (Page 60) MSDN Magazine - September 2008 - New Features for Microsoft SQL Server 2008 (Page 61) MSDN Magazine - September 2008 - New Features for Microsoft SQL Server 2008 (Page 62) MSDN Magazine - September 2008 - New Features for Microsoft SQL Server 2008 (Page 63) MSDN Magazine - September 2008 - New Features for Microsoft SQL Server 2008 (Page 64) MSDN Magazine - September 2008 - New Features for Microsoft SQL Server 2008 (Page 65) MSDN Magazine - September 2008 - New Features for Microsoft SQL Server 2008 (Page 66) MSDN Magazine - September 2008 - New Features for Microsoft SQL Server 2008 (Page 67) MSDN Magazine - September 2008 - New Features for Microsoft SQL Server 2008 (Page 68) MSDN Magazine - September 2008 - New Features for Microsoft SQL Server 2008 (Page 69) MSDN Magazine - September 2008 - Prism (Page 70) MSDN Magazine - September 2008 - Prism (Page 71) MSDN Magazine - September 2008 - Prism (Page 72) MSDN Magazine - September 2008 - Prism (Page 73) MSDN Magazine - September 2008 - Prism (Page 74) MSDN Magazine - September 2008 - Prism (Page 75) MSDN Magazine - September 2008 - Prism (Page 76) MSDN Magazine - September 2008 - Prism (Page 77) MSDN Magazine - September 2008 - Prism (Page 78) MSDN Magazine - September 2008 - Prism (Page 79) MSDN Magazine - September 2008 - Data Services (Page 80) MSDN Magazine - September 2008 - Data Services (Page 81) MSDN Magazine - September 2008 - Data Services (Page 82) MSDN Magazine - September 2008 - Data Services (Page 83) MSDN Magazine - September 2008 - Data Services (Page 84) MSDN Magazine - September 2008 - Data Services (Page 85) MSDN Magazine - September 2008 - Data Services (Page 86) MSDN Magazine - September 2008 - Advanced WPF (Page 87) MSDN Magazine - September 2008 - Advanced WPF (Page 88) MSDN Magazine - September 2008 - Advanced WPF (Page 89) MSDN Magazine - September 2008 - Advanced WPF (Page 90) MSDN Magazine - September 2008 - Advanced WPF (Page 91) MSDN Magazine - September 2008 - Advanced WPF (Page 92) MSDN Magazine - September 2008 - Advanced WPF (Page 93) MSDN Magazine - September 2008 - Advanced WPF (Page 94) MSDN Magazine - September 2008 - Advanced WPF (Page 95) MSDN Magazine - September 2008 - Advanced WPF (Page 96) MSDN Magazine - September 2008 - Test Run (Page 97) MSDN Magazine - September 2008 - Test Run (Page 98) MSDN Magazine - September 2008 - Test Run (Page 99) MSDN Magazine - September 2008 - Test Run (Page 100) MSDN Magazine - September 2008 - Test Run (Page 101) MSDN Magazine - September 2008 - Test Run (Page 102) MSDN Magazine - September 2008 - Test Run (Page 103) MSDN Magazine - September 2008 - Test Run (Page 104) MSDN Magazine - September 2008 - Security Briefs (Page 105) MSDN Magazine - September 2008 - Security Briefs (Page 106) MSDN Magazine - September 2008 - Security Briefs (Page 107) MSDN Magazine - September 2008 - Security Briefs (Page 108) MSDN Magazine - September 2008 - Security Briefs (Page 109) MSDN Magazine - September 2008 - Security Briefs (Page 110) MSDN Magazine - September 2008 - Security Briefs (Page 111) MSDN Magazine - September 2008 - Security Briefs (Page 112) MSDN Magazine - September 2008 - Foundations (Page 113) MSDN Magazine - September 2008 - Foundations (Page 114) MSDN Magazine - September 2008 - Foundations (Page 115) MSDN Magazine - September 2008 - Foundations (Page 116) MSDN Magazine - September 2008 - Foundations (Page 117) MSDN Magazine - September 2008 - Foundations (Page 118) MSDN Magazine - September 2008 - Foundations (Page 119) MSDN Magazine - September 2008 - { End Bracket } (Page 120) MSDN Magazine - September 2008 - { End Bracket } (Page Cover3) MSDN Magazine - September 2008 - { End Bracket } (Page Cover4)
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.