I’ve just seen that Novell published Moonlight 1.0, the open source implementation of Silverlight for Linux. It’s very good for everyone, I can see just one problem: it’s Silverlight 1.0 implementation. Microsoft Silverlight is now in version 2.0.
Can Novell follow (or catch) Microsoft? They can, but it seems to me that they are unable to follow them fast enough. They are late with almost a whole version. And that’s too much for me.
If you need to access server resources from Silverlight (e.g uploading statistics, reading data from database), the easiest solution is to invoke an XML Web Service. I've seen many examples of Silverlight authentication for Web Services. Many of them are illustrated and well-written. The main problem is the security: they create the illusion of security. So if you want to create a secure authentication method, you can use the following solution to achieve a good level of security.
Log in user (either using ASP.NET or using Silverlight through an XML Web Service).
1: public bool Authenticate(string Username, string Password)2: {3: if (FormsAuthentication.Authenticate(Username, Password))4: {5: FormsAuthentication.SetAuthCookie(Username, false);6: return true;7: }8: return false;9: }
Now you can check if the user is authenticated.
1: if (HttpContext.Current.User.Identity.IsAuthenticated)2: {3: DoWork();4: return true;5: }6: else7: {8: DoNothingUserNotAuthenticated();9: return false;10: }
Now there are two main security threats:
You have to implement login functionality securely to make you application secure. So use SSL to prevent eavesdropping and tempering login data.
ASP.NET Forms authentication uses cookies to identify users (by default). You have to encrypt the authentication ticket using the server key and decrypt that whenever you read that. Don't persist the cookie if you don't have to.
The solution above can be secure. You can log on to the site. A security ticket is created with the user credentials, encrypted and stored on the user's machine. This cookie is accessible whenever user have to prove his identity, so you can access it even in an XML Web Service or through HttpContext.
Direct authentication pattern (I think) is not a solution for Silverlight Web Services, because password goes as plain text to the service every time it is invoked, or severe performance degradation occurs.
Microsoft has announced Visual Studio 2010 (VS). The list of changes that sounds interesting to me:
I can see two main possible problems with VS 2010. The first is WPF UI, the second are managed addons. Both means significant performance degradation. One of the main goals of Windows 7 is significantly improved performance. All the performance we can save on Windows 7 will be lost on WPF. VS 2008 is one of the fastest IDEs on the market, but it's becoming more and more slower. I doubt its performance will be as good as current VS 2008 performance.
On the other hand, I can hardly wait for built-in Silverlight 2, JQuery, Parallel Extension and MVC support. These will be great changes.
Link: Visual Studio 2010 Overview
Link: Visual Studio 2010 Product Overview (PDF)
Link: Visual Studio 2010 CTP Download
Visual Studio 2008 crashed every time I opened a XAML file. No crash dump, no messages, VS just disappeared. I used Silverlight designer before and worked fine. One day it just started crashing.
I've removed everyting from my computer containing Silverlight in it's name. I ran Microsoft Silverlight Tools Beta 2 for Visual Studio 2008 after that. Silverlight 2 content appeared in my browser, but Visual Studio 2008 keeped crashing. I reran Visual Studio 2008 SP1 setup. It didn't help.
Finally I tried Microsoft® Silverlight™ Tools for Visual Studio 2008 SP1. It works. XAML designer works, Visual Studio 2008 doesn't crash!!! It seems Silverlight chainer doesn't contain SP1 tools. So don't forget to install it manually if you have similar problems.
