I am currently working on a Silverlight application that talks to a server application. I am trying to come up with any info that I can use to identify the client when it connects. I obviously have the IP on the server side but that is about it. I was planning on having the client send a message with its ID info as part of the connection process. The issue I am having is that Silverlight without elevated privileges doesn't have access to anything useful to identify the client. I tried computer name, username, etc, but they are all things Silverlight doesn't have access to without elevated privileges or an external service. Is there anything I am missing? Is there anything I can get to that would help identify the client?
You could try generating a "fingerprint" based on plugins, screen size, etc. Here is a j-query plugin that claims to do just that:
https://github.com/carlo/jquery-browser-fingerprint
Related
I have been developing an asp.net core web application and published on the production mode (online server), the users can access it with the specific domain name and will log in and do data entry from three different countries.
But, the problem is sometimes, in one specific country there is no internet access, my client wants that this application should work online and offline, If there is no internet access the local branch must be able to do data entry, then when the internet gets connected data should send to the online server database,
What is the best way to achieve this goal?
Please write your view or add some good forum link below.
Rationally, it is not possible for you to access a Web App without internet. Web Apps are meant for network usage. However, I believe there is a workaround for such requirements. What you can do is that you can create a clone of your database for the third user, who has no internet access and perform all transactions within the local machine and when the connection comes back on line, you can replicate the data from the local SQL Server into the online server database.
And then there is something called Progressive Web Apps , which will allow you below privileges :
Reliable - Load instantly and never show the downasaur, even in uncertain network conditions.
Fast - Respond quickly to user interactions with silky smooth animations and no janky
Engaging - Feel like a natural app on the device, with an immersive user experience.
What are Progressive Web Applications, Google has something more to discuss here
We currently have a Silverlight application which is hosted in a SharePoint 2010 page. The Silverlight app makes web service calls to a another server on our domain, which has a clientaccesspolicy file in place. We are experiencing cross-domain issues in our production environment.
Users in the farm admin group can use the Silverlight application without any issues. However, all other users recieve the generic cross domain exception when they try to use this app. We have attached Fiddler to the process and noticed that the farm admins are served the clientaccesspolicy file, but that non-admin users are not. In fact, Fiddler does not ever show an attempt to load this file for non-admins.
This only happens in our production environment, which leads me to believe there is a web config or permission setting causing the issue. Unfortunately, I cannot find anything that backs this up.
Has anyone else run into this issue or know if such a setting exists?
See comments above. I had to change the URL to use the full machine name i.e. from webserver/service.svc to webserver.domain.com/service.svc. It solved the problem but doesn't answer the question about why the farm admins could access it. vorrtex's response is the best possible explanation I have seen so far.
I've got a Silverlight application that will be running out on the open internet, available to basically everyone who has ever lived.
The application makes use of RIA Services to manipulate data in a database on the server.
The application creates, reads, updates, and deletes data of different varieties, however I only want these operations to occur from within the application.
This brings about two questions:
Is there a particular recommendation for what type of Authentication to use? Forms or Windows?
Is there a way to prevent someone from "linking" to the application? That is to say, copying the HTML from the containing page, pasting it in their own HTML page on their local machine and running it? The end goal would be to only allow the application to be run when it is embedded in a page requested directly from my server and my server alone?
If your application is being used on an internal network, then Windows authentication is best. Otherwise (as is your case) use Forms authentication.
Silverlight automatically prevents applications (unless they're running with elevated trust) from accessing resources on the Internet (web services, HTML, etc) that are not from the domain that the application originated from, unless that domain has a cross-domain policy file in its root. The Silverlight runtime prevents this (not the server), so this a client based security feature - not server based. By not having a cross-domain policy file in place on your server, your application will only be able to communicate with your domain services when it is run from your server (as you are after). The application will run, but calls to those services will fail.
You could always do a check for what domain the application originated from in code, and match it to a hard-coded domain name if you want to prevent the application running at all from other domains.
Hope this helps...
Chris
I am going to be developing an application for work, and I am trying to decide whether to use Silverlight Business App or Asp.Net Web App. My manager is concerned about the performance and download time it would take if I created the entire application as a Silverlight app, with authentication. I have been playing around with some tutorials over the last week trying to get a perspective on my situation and have come up with a design question I need to ask those that are more experienced than me.
Is it possible to use a Asp.Net application and just embed a silverlight application in one of the pages that will be used inside a folder that is configured with the roles authorization? And if so, would it be possible to get user credentials from the client silverlight app without passing them through the initParams.
I understand that I can set the authentication to "useCookies", so I was thinking I would be able to get the cookie on the client and hopefully get a property verifying if the user is authenticated.
Also, would this be a risky practice? Thanks for any advice and direction.
There are a few approaches you could take. While I know you don't want to expose the credential in init params, you could generate a "ticket" (claims-based authentication) for the credential, and include the ticket (for example, a GUID) in the init params. When the Silverlight application launches, it would consume the ticket, possibly validating it via a secured web service call, and the ticket would no longer be valid so even if someone spoofed it or viewed the source, it couldn't be used.
Quite a bit depends on your architecture. For example, if you are using the roles-based authentication, and most of the business logic and/or decision making is based on web service calls, the web services can use HttpContext.Current.Identity to validate the user. Even if someone opens the Silverlight application, any service calls would fail unless they were appropriately authenticated. Otherwise, I would either go with passing a ticket so Silverlight trustst the user is valid (you can create a service that accepts the Guid and returns the role information) or have the user log in from Silverlight (you have a service facing in front of the authentication mechanism and then return a ticket and/or role information).
It gets even more interesting if you decide to use WCF RIA, check out these examples for baked-in authentication:
http://code.msdn.microsoft.com/RiaServices/Release/ProjectReleases.aspx?ReleaseId=2661
1.) It's absolutely possible to embed a Silverlight xap on an ASP.NET page.
2.) As far as credentials, using cookies could work, or you could pass in a token over initparams and validate that token via a web service to see if the user is valid
It's always a risk passing credentials around, especially when it's running on a clients computer. That said, Silverlight buys you a lot, so don't let the challenge of authentication hold you back.
Im currently working on registration of our application. Basically we have a simple concurrent licensing system so when the user logs in we store their computer name and logon name to uniquely identify them. This is done from a simple winforms app that allows us to retrieve this data.
We now have a brother silverlight project that must work in the same licensing. The situation being that if a user logs into the winforms app they will use one license and if they log in on our silverlight app it will still use the one license because they are accessing it from the same computer.
The problem is that we cannot retrieve the clients machine and logon name with the silverlight application.
Can anybody think of a way of handling this? Or am i going bout it totally the wrong way.
Thanks
Forms or Windows authentication.
Once authenticated you can retrieve anything you want (such as user claims, user profile...etc) which is provided through a web service. This of course mean you are communicating with some database somewhere.