Use IIS Express 7.5 For Https-supported Silverlight Login

 

Only https logon is considered secure. the user name and password cannot be transmitted in plain text? However, it seems that the logon to the blog site is still http :-). It doesn't matter if it's a blog. It's not online shopping, and the security requirements are quite low.

With IIS Express 7.5, we can experience https during development, because it contains a self-signed certificate for development, which can be used for debugging. Speaking of certificates, I encountered a question about the certificate path today. It takes a long time for the user's machine to trust the certificate that should have been trusted. Note that: the Complete Certificate path must be imported to a trusted Certificate Authority.

Today's article is a ghost of certificate failure. To put it bluntly, you can refer to the Https function of IIS Express 7.5 here. Figure:

 

Set SSL in Project Properties

You will find that IIS Express has two URLs

Create a Silverlight Bussiness Application project.

 

 

1. Modify the AuthenticationService. cs file:

 

[EnableClientAccess (RequiresSecureEndpoint = true)]

Public class AuthenticationService: AuthenticationBase <User> {}

 

 

 

2. Modify the App. xaml file of the Silverlight project:

 

Public App ()

{

InitializeComponent ();

 

// Create a WebContext and add it to the ApplicationLifetimeObjects set.

// This can then be used as WebContext. Current.

WebContext webContext = new WebContext ();

FormsAuthentication formsAuth = new FormsAuthentication ();

WebContext. Authentication = formsAuth;

FormsAuth. DomainContext = new Web. AuthenticationContext (new Uri ("https: // localhost: 44300/Services/SilverlightLogin-Web-AuthenticationService.svc "));

// WebContext. Authentication = new WindowsAuthentication ();

This. ApplicationLifetimeObjects. Add (webContext );

}

In this way, we will use Https to transmit the user name and password when logging on.

 

3. Set the ClientAccessPolicy. xml file to the root directory of the website.

 

<? Xml version = "1.0" encoding = "UTF-8"?>

<Access-policy>

<Cross-domain-access>

<Policy>

<Allow-from http-request-headers = "*">

<Domain uri = "http: // *"/>

<Domain uri = "https: // *"/>

</Allow-from>

<Grant-to>

<Resource path = "/" include-subpaths = "true"/>

</Grant-to>

</Policy>

</Cross-domain-access>

</Access-policy>

 

 

You can set it like this, but you always get an error saying "cross-origin access, no policy file, and so on "!

Finally, add the self-signed certificate of IIS Express to a trusted authority to solve the problem!

I guess it may be that in silverlight, it will not prompt that the user certificate is not safe as in IE:

 

Only inexplicable error messages will be displayed!

Author smlk