I have been reading up on the .Net RIA Services that Microsoft is developing for use between Asp.Net and Silverlight applications, and it looks quite nice. I am curious about how it handles keeping track of authentication:
How does the Silverlight client keep track of who is logged in, and when they have timed out? And it shouldn't keep the password stored in memory, right?
How does the server side know that whoever is making a request (to a WCF service or other) is authenticated? I'm sure the user name and password isn't being passed around after the initial log in. Is there a token being passed around?
Last question, does authentication still work the same if you have your Silverlight app running out-of-browser, installed to the desktop?
I'm pretty sure the RIA services are closed source right now, but I'm hoping someone is familiar enough with the topic to have some ideas. Thanks!