Re: Out of browser update when site secured with Windows Authentication
I had considered that approach, but I 'knew' that you can't have multiple authentication schemes in IIS when using wcf (or maybe you can by configuring the bindings?). But I thought it would be rude not to try your suggestion seeing that you kindly took the time to reply, so I changed the authentication scheme on the ClientBin to anonymous and to my surprise it worked. It seems you can mix the authentication schemes across different locations, just not on the same location. So thanks, your suggestion fixed my problem and I improved my knowledge of IIS :-) On Wed, May 11, 2011 at 11:36 AM, Jordan Knight wrote: > You might like to investigate allowing anon access to the location of the > XAP, and/or only securing the location that the services live... > > On Wed, May 11, 2011 at 10:40 AM, Mikala Gardineros > wrote: > >> Hello, >> >> I have an intranet site (iis 7.5) that hosts a Silverlight oob >> application. The site also hosts a wcf service that is used by the oob >> application. >> >> I use Windows Authentication, primarily to lock down the wcf service, eg >> in the web.config. >> >> The user lifecycle is like this : >> >> a. First time they use their browser to navigate to the host web page. >> They are prompted for Windows credentials. >> >> b. User clicks a button that lets them install it oob. >> >> c. Lets say later the user launch the oob app, I pop up a login window >> and use the supplied windows credentials for subsequent wcf calls until they >> shut down the app. >> >> This works nicely. >> >> However, when they launch the app I do the standard >> App.Current.CheckAndDownloadUpdateAsync() to check for updates. The problem >> is that it doesn't detect updates. >> >> The reason it doesn't detect the update is because of a "401 - >> Unauthorized: Access is denied due to invalid credentials" on the xap file I >> can see in Fiddler. >> >> This makes perfect sense, I haven't supplied any credentials so why would >> IIS allow the user to access the new xap file. >> >> So, my question is, how can I supply credentials to >> CheckAndDownloadUpdateAsync() ? Or can someone suggest an alternative? >> >> Thank you in advance. >> >> Mikala >> >> >> ___ >> ozsilverlight mailing list >> ozsilverlight@ozsilverlight.com >> http://prdlxvm0001.codify.net/mailman/listinfo/ozsilverlight >> >> > > ___ > ozsilverlight mailing list > ozsilverlight@ozsilverlight.com > http://prdlxvm0001.codify.net/mailman/listinfo/ozsilverlight > > ___ ozsilverlight mailing list ozsilverlight@ozsilverlight.com http://prdlxvm0001.codify.net/mailman/listinfo/ozsilverlight
Re: Out of browser update when site secured with Windows Authentication
You might like to investigate allowing anon access to the location of the XAP, and/or only securing the location that the services live... On Wed, May 11, 2011 at 10:40 AM, Mikala Gardineros wrote: > Hello, > > I have an intranet site (iis 7.5) that hosts a Silverlight oob > application. The site also hosts a wcf service that is used by the oob > application. > > I use Windows Authentication, primarily to lock down the wcf service, eg > in the web.config. > > The user lifecycle is like this : > > a. First time they use their browser to navigate to the host web page. > They are prompted for Windows credentials. > > b. User clicks a button that lets them install it oob. > > c. Lets say later the user launch the oob app, I pop up a login window and > use the supplied windows credentials for subsequent wcf calls until they > shut down the app. > > This works nicely. > > However, when they launch the app I do the standard > App.Current.CheckAndDownloadUpdateAsync() to check for updates. The problem > is that it doesn't detect updates. > > The reason it doesn't detect the update is because of a "401 - > Unauthorized: Access is denied due to invalid credentials" on the xap file I > can see in Fiddler. > > This makes perfect sense, I haven't supplied any credentials so why would > IIS allow the user to access the new xap file. > > So, my question is, how can I supply credentials to > CheckAndDownloadUpdateAsync() ? Or can someone suggest an alternative? > > Thank you in advance. > > Mikala > > > ___ > ozsilverlight mailing list > ozsilverlight@ozsilverlight.com > http://prdlxvm0001.codify.net/mailman/listinfo/ozsilverlight > > ___ ozsilverlight mailing list ozsilverlight@ozsilverlight.com http://prdlxvm0001.codify.net/mailman/listinfo/ozsilverlight
Out of browser update when site secured with Windows Authentication
Hello, I have an intranet site (iis 7.5) that hosts a Silverlight oob application. The site also hosts a wcf service that is used by the oob application. I use Windows Authentication, primarily to lock down the wcf service, eg in the web.config. The user lifecycle is like this : a. First time they use their browser to navigate to the host web page. They are prompted for Windows credentials. b. User clicks a button that lets them install it oob. c. Lets say later the user launch the oob app, I pop up a login window and use the supplied windows credentials for subsequent wcf calls until they shut down the app. This works nicely. However, when they launch the app I do the standard App.Current.CheckAndDownloadUpdateAsync() to check for updates. The problem is that it doesn't detect updates. The reason it doesn't detect the update is because of a "401 - Unauthorized: Access is denied due to invalid credentials" on the xap file I can see in Fiddler. This makes perfect sense, I haven't supplied any credentials so why would IIS allow the user to access the new xap file. So, my question is, how can I supply credentials to CheckAndDownloadUpdateAsync() ? Or can someone suggest an alternative? Thank you in advance. Mikala ___ ozsilverlight mailing list ozsilverlight@ozsilverlight.com http://prdlxvm0001.codify.net/mailman/listinfo/ozsilverlight