WCF, ASP.NET Membership Provider and Authentication Service

Question

I have written a Silverlight 2 application communicating with a WCF service (BasicHttpBinding). The site hosting the Silverlight content is protected using a ASP.NET Members

Answer 1

You should take a look at the CookieContainer object in System.Net. This object allows a non-browser client to hang on to cookies. This is what my team used the last time we ran into that problem.

Here is a brief article on how to go about using it. There may be better ones out there, but this should get you started.

We went the stateless route for our current set of WCF services and Silverlight 2 application. It is possible to get Silverlight 2 to work with services bound with TransportWithMessageCredential security, though it takes some custom security code on the Silverlight side. The upshot is that any application can access the services simply by setting the Username and Password in the message headers. This can be done once in a custom IRequestChannel implementation so that developers never need to worry about setting the values themselves. Though WCF does have an easy way for developers to do this which I believe is serviceProxy.Security.Username and serviceProxy.Security.Password or something equally simple.