[prev in list] [next in list] [prev in thread] [next in thread] 

List:       owasp-dotnet
Subject:    [Owasp-dotnet] Silverlight & System.Web.ApplicationServices
From:       "Mark Roxberry, OWASP.ORG" <mark.roxberry () owasp ! org>
Date:       2008-07-30 16:47:30
Message-ID: 48909b2b.2535640a.3186.6cb3 () mx ! google ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've been working on a Silverlight project for vulnerability research (cross
work for my company and OWASP - 2 birds, 1 stone).  I'm currently designing
the authentication/access control features.  Don't know if anyone is using
this now, but I started looking at the System.Web.ApplicationServices
namespace.  It includes a few web services for security features that may be
of interest to people:

http://msdn.microsoft.com/en-us/library/system.web.applicationservices.aspx

AuthenticationService
ProfileService
RoleService

Brad Abrams has a post on how to integrate these services with Silverlight:
http://blogs.msdn.com/brada/archive/2008/05/03/accessing-the-asp-net-authent
ication-profile-and-role-service-in-silverlight.aspx.  I've set up the
AuthenticationService as a WCF service with the a basicHttpBinding and
security mode set to None
(http://msdn.microsoft.com/en-us/library/ms731347.aspx ), which is the
default setting.  I'm working through it now to understand how to assess a
Silverlight/WCF/ASP.NET and talk about best practices and I'll be adding to
the OWASP wiki here:
https://www.owasp.org/index.php/Research_for_Silverlight , if anyone is
interested.

Also, let me know if anyone is using these now and what your experience has
been.

Regards,

Mark


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iQEVAwUBSJCabtxDx3w5+q9MAQLxwAf+LgTKdPIVeBluN1iM4GZWV1wzbNJj3R44
cv3PbPsJeToIDULF55gLmyTIaDawC9ZSHNoVSo7be1TgITE2Mg5S00JSVZ2Kk1TI
e0jp4KcrN4NeI8b+jk/sg/3haY593jD4s6cTh4xMkRJsJDnsxfd1hq9EZBczrik6
0Eo6MNoLhv0ulJ/59SdDbhZA2UnegOhZcRcMuoitNM0fupSDDLzl9RirgtoYaQt+
gRqYLsrt5UjHWZ8InVQo1nysC+eFPRvnxT9p+YJoXZyW3ONfmSxYddO1jKznyvIn
c61WpxInG94uKWR/zaiTqkaAOYSQym8DVUSrF1S2E+eoTU8hdp0Rbg==
=1W/r
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iQEVAwUBSJCbIdxDx3w5+q9MAQKTAQgAmNgLOZycwP52V5CMsqLEf6vVYhdCX+OC
T1L1iO9mvkrlkXl4RWlhBG9CfAhTVxVL2xeI5JkYG9WqrkS3e2Svvpw0rPPtPa8r
Ln+0+ldsPpIFDny9YtX11nILJa2KbZGse75dWB19Cq2mx3z4geeVgxeJgsGP1zdo
54wXU7nqOkWrSRY0ACxhl2Y8W9y4lWAKFfGHThJ8AS6zhLhI/hxTM5dLz1b2HFD2
R8dNWTkIBuQqaPS75pL0Z7H4zCM07+n67ssNVXjbbC1zESDw0qzZSh4IIDnDqaOE
sDoIXVv76KKVeZCBpeW6+J3/GTrsNrIdz3NfURizqvj3iWk3aEG0jw==
=Ik16
-----END PGP SIGNATURE-----

_______________________________________________
Owasp-dotnet mailing list
Owasp-dotnet@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-dotnet
[prev in list] [next in list] [prev in thread] [next in thread]