The server side of the requirement is digest authentication against a custom credential store (à la a membership provider), and on the client side a Silverlight application making calls to a RESTful API.

I'm looking for pointers. Out of the box it looks like Digest only works against AD. From the client side, I'm used to getting the browser to pop up a prompt for credentials, but in this case it's a Silverlight (v2) app.

Suggestions?

+1  A: 

The authentication story, imo, is not great in Silverlight. What we typically do is rely on the fact that Silverlight requests are issued from the browser. So, they carry the cookies and headers that a browser uses (think XmlHttpRequest object, here).

What you do:

  • Use your provider to protect the page that Silverlight is on. The user will try to bring up the page and will get prompted for credentials.
  • At this point, Silverlight requests (via WebClient or anything else) will carry that authentication information. Simply protect access to assets and Silverlight will carry the authentication information to access those assets.
Erik Mork
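
For the server-side half of the question, checking a Digest `Authorization` header against a custom credential store instead of AD comes down to the RFC 2617 response calculation. The following is an added example, not code from the question or the answer; the `DigestVerifier` class and the `lookupHa1` store delegate are hypothetical names, and the request in `Main` is constructed from the RFC 2617 sample values.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;

public static class DigestVerifier
{
    public static string Md5Hex(string s)
    {
        using (var md5 = MD5.Create())
            return string.Concat(md5.ComputeHash(Encoding.UTF8.GetBytes(s)).Select(b => b.ToString("x2")));
    }
    // lookupHa1 is the hypothetical custom store: (user, realm) -> MD5(user:realm:password), or null.
    // Storing HA1 means the store never has to hold the cleartext password.
    public static bool Verify(string authorization, string method, Func<string, string, string> lookupHa1)
    {
        if (authorization == null || !authorization.StartsWith("Digest ", StringComparison.OrdinalIgnoreCase))
            return false;
        // Parse key="value" and key=value pairs from the header.
        var f = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        foreach (Match m in Regex.Matches(authorization.Substring(7), "(\\w+)=(?:\"([^\"]*)\"|([^,\\s]+))"))
            f[m.Groups[1].Value] = m.Groups[2].Success ? m.Groups[2].Value : m.Groups[3].Value;
        string[] required = { "username", "realm", "nonce", "uri", "response", "qop", "nc", "cnonce" };
        if (required.Any(k => !f.ContainsKey(k)) || f["qop"] != "auth") return false;
        // A real handler must also check that the nonce is one it issued and is still fresh,
        // that nc increases per nonce, and that uri matches the request actually received.
        string ha1 = lookupHa1(f["username"], f["realm"]);
        if (ha1 == null) return false;
        string ha2 = Md5Hex(method + ":" + f["uri"]);
        string expected = Md5Hex(string.Join(":", ha1, f["nonce"], f["nc"], f["cnonce"], f["qop"], ha2));
        string actual = f["response"].ToLowerInvariant();
        // Compare without an early exit on the first differing character.
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length && i < actual.Length; i++) diff |= expected[i] ^ actual[i];
        return diff == 0;
    }

    public static void Main()
    {
        // Constructed request using the RFC 2617 sample values.
        string header = "Digest username=\"Mufasa\", realm=\"testrealm@host.com\", " +
            "nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\", uri=\"/dir/index.html\", qop=auth, " +
            "nc=00000001, cnonce=\"0a4f113b\", response=\"6629fae49393a05397450978507c4ef1\"";
        Func<string, string, string> store = (u, r) =>
            u == "Mufasa" ? Md5Hex("Mufasa:testrealm@host.com:Circle Of Life") : null;
        Console.WriteLine(Verify(header, "GET", store));
    }
}
```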