After Silverlight is published as a web application, it is easy to decompile the Silverlight application. For example, for Sina finance and economics Silverlight, you can easily download the Silverlight application from the client *. xap file, renamed *. zip and decompile the DLL in it with reflector. Detailed steps include how to view the location of the *. xap file downloaded by the browser, and how to decompile the file...ArticleTeach you how to crack Silverlight step by step. In addition, there is even a reflector plug-in, silverlightbrowser, which can directly input the Silverlight URL for decompilation.
How to protect your Silverlight application?
1. Use the Security Policy in Microsoft's article
2. HTTPS access using SSL
3. After the user logs on successfully, the core xap file is loaded. That is to say, there is an authentication process before the core xap file is downloaded. Or use redirection,After successful logon, the system redirects to The. xap file page in the protected area of the specified site.
4. Put the core business logic on the server-side with the authenticated WCF Service implementation (or any soap-based services, restful services or RIA Services)
5. obfuscation, or use obfuscator 1 or obfuscator 2.
(If you are a Web security expert or Silverlight security expert, you are welcome to provide guidance ). Download Other resources: Silverlight Security White Paper