Re: Out of browser update when site secured with Windows Authentication

2011-05-10 Thread Mikala Gardineros
I had considered that approach, but I 'knew' that you can't have multiple
authentication schemes in IIS when using wcf (or maybe you can by
configuring the bindings?).

But I thought it would be rude not to try your suggestion seeing that you
kindly took the time to reply, so I changed the authentication scheme on the
ClientBin to anonymous and to my surprise it worked.  It seems you can mix
the authentication schemes across different locations, just not on the same
location.

So thanks, your suggestion fixed my problem and I improved my knowledge of
IIS  :-)

On Wed, May 11, 2011 at 11:36 AM, Jordan Knight  wrote:

> You might like to investigate allowing anon access to the location of the
> XAP, and/or only securing the location that the services live...
>
> On Wed, May 11, 2011 at 10:40 AM, Mikala Gardineros  > wrote:
>
>> Hello,
>>
>> I have an intranet site (iis 7.5) that hosts a Silverlight oob
>> application.  The site also hosts a wcf service that is used by the oob
>> application.
>>
>> I use Windows Authentication, primarily to lock down the wcf service, eg
>>  in the web.config.
>>
>> The user lifecycle is like this :
>>
>> a.  First time they use their browser to navigate to the host web page.
>> They are prompted for Windows credentials.
>>
>> b.  User clicks a button that lets them install it oob.
>>
>> c.  Lets say later the user launch the oob app, I pop up a login window
>> and use the supplied windows credentials for subsequent wcf calls until they
>> shut down the app.
>>
>> This works nicely.
>>
>> However, when they launch the app I do the standard
>> App.Current.CheckAndDownloadUpdateAsync() to check for updates.  The problem
>> is that it doesn't detect updates.
>>
>> The reason it doesn't detect the update is because of a "401 -
>> Unauthorized: Access is denied due to invalid credentials" on the xap file I
>> can see in Fiddler.
>>
>> This makes perfect sense, I haven't supplied any credentials so why would
>> IIS allow the user to access the new xap file.
>>
>> So, my question is, how can I supply credentials to
>> CheckAndDownloadUpdateAsync()  ?  Or can someone suggest an alternative?
>>
>> Thank you in advance.
>>
>> Mikala
>>
>>
>> ___
>> ozsilverlight mailing list
>> ozsilverlight@ozsilverlight.com
>> http://prdlxvm0001.codify.net/mailman/listinfo/ozsilverlight
>>
>>
>
> ___
> ozsilverlight mailing list
> ozsilverlight@ozsilverlight.com
> http://prdlxvm0001.codify.net/mailman/listinfo/ozsilverlight
>
>
___
ozsilverlight mailing list
ozsilverlight@ozsilverlight.com
http://prdlxvm0001.codify.net/mailman/listinfo/ozsilverlight


Re: Out of browser update when site secured with Windows Authentication

2011-05-10 Thread Jordan Knight
You might like to investigate allowing anon access to the location of the
XAP, and/or only securing the location that the services live...

On Wed, May 11, 2011 at 10:40 AM, Mikala Gardineros
wrote:

> Hello,
>
> I have an intranet site (iis 7.5) that hosts a Silverlight oob
> application.  The site also hosts a wcf service that is used by the oob
> application.
>
> I use Windows Authentication, primarily to lock down the wcf service, eg
>  in the web.config.
>
> The user lifecycle is like this :
>
> a.  First time they use their browser to navigate to the host web page.
> They are prompted for Windows credentials.
>
> b.  User clicks a button that lets them install it oob.
>
> c.  Lets say later the user launch the oob app, I pop up a login window and
> use the supplied windows credentials for subsequent wcf calls until they
> shut down the app.
>
> This works nicely.
>
> However, when they launch the app I do the standard
> App.Current.CheckAndDownloadUpdateAsync() to check for updates.  The problem
> is that it doesn't detect updates.
>
> The reason it doesn't detect the update is because of a "401 -
> Unauthorized: Access is denied due to invalid credentials" on the xap file I
> can see in Fiddler.
>
> This makes perfect sense, I haven't supplied any credentials so why would
> IIS allow the user to access the new xap file.
>
> So, my question is, how can I supply credentials to
> CheckAndDownloadUpdateAsync()  ?  Or can someone suggest an alternative?
>
> Thank you in advance.
>
> Mikala
>
>
> ___
> ozsilverlight mailing list
> ozsilverlight@ozsilverlight.com
> http://prdlxvm0001.codify.net/mailman/listinfo/ozsilverlight
>
>
___
ozsilverlight mailing list
ozsilverlight@ozsilverlight.com
http://prdlxvm0001.codify.net/mailman/listinfo/ozsilverlight


Out of browser update when site secured with Windows Authentication

2011-05-10 Thread Mikala Gardineros
Hello,

I have an intranet site (iis 7.5) that hosts a Silverlight oob application.
The site also hosts a wcf service that is used by the oob application.

I use Windows Authentication, primarily to lock down the wcf service, eg
 in the web.config.

The user lifecycle is like this :

a.  First time they use their browser to navigate to the host web page.
They are prompted for Windows credentials.

b.  User clicks a button that lets them install it oob.

c.  Lets say later the user launch the oob app, I pop up a login window and
use the supplied windows credentials for subsequent wcf calls until they
shut down the app.

This works nicely.

However, when they launch the app I do the standard
App.Current.CheckAndDownloadUpdateAsync() to check for updates.  The problem
is that it doesn't detect updates.

The reason it doesn't detect the update is because of a "401 - Unauthorized:
Access is denied due to invalid credentials" on the xap file I can see in
Fiddler.

This makes perfect sense, I haven't supplied any credentials so why would
IIS allow the user to access the new xap file.

So, my question is, how can I supply credentials to
CheckAndDownloadUpdateAsync()  ?  Or can someone suggest an alternative?

Thank you in advance.

Mikala
___
ozsilverlight mailing list
ozsilverlight@ozsilverlight.com
http://prdlxvm0001.codify.net/mailman/listinfo/ozsilverlight