views:

153

answers:

1

Hi All,

I am developing a silverlight 3 application using WCF RIA services. I am using the AuthenticationBase class to handle my authentication. As I understand it under the hood this uses the ASP .NET authentication libraries.

When I log into the site the authentication service handles login state so that if I close the site and open it straight away I am still logged in according to the server. When the webpage is refreshed or closed and reloaded I can call the method,

WebContextBase.Current.Authentication.LoadUser()

And it goes back to the authentication service (running on the server) and figures out whether I am still logged into the site. If a timeout has occured the answer will be no. If that is the case I can show a login dialog.

The problem I want to solve is that the authentication service consumes the password, and there is no way I can ever retrieve that password again.

If the user logs into the site I want to store the password on the server, and return a token to the client side to match up with that password. I have some other services on the server side that need that password.

So where should I store that password on the server? How can that be done? How does the WCF authentication store state?

A: 

Please can you expand a bit, why are you trying to retrieve a password for an unauthenticated user?

You could use isolated storage and store the details, but generally, storing passwords kind of defeats the whole point doesn't it?

Doobi
They are not an unauthenticated user. They have already authenticated, and their session should stay open for 20 minutes. It is exactly like if you exit out of gmail without hitting the 'logout' link, and go straight back in you wont have to login. That will expire though over time.
peter
That is how standard ASP .NET pages work. A user will stay authenticated for 20 minutes.
peter
Also the token I pass through to the client is stored in a cookie, and that expires after 20 minutes too.
peter
I have it all working, so the only remaining question is ... is it bad to store data in a static class on the server side in a silverlight application?
peter