Only https logon is considered secure. the user name and password cannot be transmitted in plain text? However, it seems that the logon to the blog site is still http :-). It doesn't matter if it's a blog. It's not online shopping, and the security requirements are quite low.
With IIS Express 7.5, we can experience https during development, because it contains a self-signed certificate for development, which can be used for debugging. Speaking of certificates, I encountered a question about the certificate path today. It takes a long time for the user's machine to trust the certificate that should have been trusted. Note that: the Complete Certificate path must be imported to a trusted Certificate Authority.
Today's article is a ghost of certificate failure. To put it bluntly, you can refer to the Https function of IIS Express 7.5 here. Figure:
Set SSL in Project Properties
You will find that IIS Express has two URLs
Create a Silverlight Bussiness Application project.
1. Modify the AuthenticationService. cs file:
[EnableClientAccess (RequiresSecureEndpoint = true)]
Public class AuthenticationService: AuthenticationBase <User> {}
2. Modify the App. xaml file of the Silverlight project:
Public App ()
{
InitializeComponent ();
// Create a WebContext and add it to the ApplicationLifetimeObjects set.
// This can then be used as WebContext. Current.
WebContext webContext = new WebContext ();
FormsAuthentication formsAuth = new FormsAuthentication ();
WebContext. Authentication = formsAuth;
FormsAuth. DomainContext = new Web. AuthenticationContext (new Uri ("https: // localhost: 44300/Services/SilverlightLogin-Web-AuthenticationService.svc "));
// WebContext. Authentication = new WindowsAuthentication ();
This. ApplicationLifetimeObjects. Add (webContext );
}
In this way, we will use Https to transmit the user name and password when logging on.
3. Set the ClientAccessPolicy. xml file to the root directory of the website.
<? Xml version = "1.0" encoding = "UTF-8"?>
<Access-policy>
<Cross-domain-access>
<Policy>
<Allow-from http-request-headers = "*">
<Domain uri = "http: // *"/>
<Domain uri = "https: // *"/>
</Allow-from>
<Grant-to>
<Resource path = "/" include-subpaths = "true"/>
</Grant-to>
</Policy>
</Cross-domain-access>
</Access-policy>
You can set it like this, but you always get an error saying "cross-origin access, no policy file, and so on "!
Finally, add the self-signed certificate of IIS Express to a trusted authority to solve the problem!
I guess it may be that in silverlight, it will not prompt that the user certificate is not safe as in IE:
Only inexplicable error messages will be displayed!
Author smlk