>
> I don't think Silverlight supports such authentication.
>
Yeah, it looks that way. Most of the important certificate classes and
methods are stripped out of the mini CLR. I eventually decided that the
phone must perform a one-off registration, but I'm still not sure how the
phone can identify i
Greg
What it sounds like you are being asked to do is certificate based
authentication. This is something that cannot be forged, unlike a 'magic
number'. The server can verify the validity of the cert and identify the
client. You might have individual certs to identify a user or device.
I've do
Howdy, I've been thinking about this overnight and have had no Eureka!
moment. I do have the factory ID of the phone, but I think registering the
IDs on the server would be a bother (in any case, a fake client could send
any ID it wanted to fool the server).
The client and server both have the sam
And then I read your email a second time and notice you said Silverlight
PHONE app. Perhaps you could use something similar... but as it's not
hosted on a web server, but instead its on the phone that might not work.
Perhaps a call to a server with a login where a key is given out for that
session?
Hey Greg
In the past I've handed the Silverlight xap file something random (lets
call it a key to get in) in the init parameters. The client then gives that
back to the WCF service as proof that the Xap file was launched by a known
web server. You could renew it periodically or let it run for that