views:

412

answers:

0

Hi,

We have a WCF service with custom username/password authentication. The service runs over SSL.

On our existing WPF application we pass the username and password combination to the service every time it is called (i.e. we don't have any sessions with the service). The credentials are stored in memory on the client application.

Now we are looking at using Silverlight, and I'm thinking that storing the credentials in memory are going to pose a security risk.

What is the recommended advice for storing credentials when using a custom username/password service?

Thanks in advance Matt