Silverlight/WCF login session


I am working on a system with Silverlight and using WCF to call services to do all of the work on the server side.

I need to have a user log into the system, and once they are verified, all calls to the server need to contain the user info so the server can check security policies and do other operations based on the user.

What is the best way to do this? I can create some kind of a user class and send it to the server with every call, but is there a better way to do this with Silverlight and or WCF?


I would use standard token based approach. When you login to the server (by passing all required information through a user class as you suggested) the server will respond with a token. Every other server call will require a valid token. Server then validates that the token is still valid (it will automatically expire after some time) and that it comes from the same machine/user (you can check IP address for example).

This is probably the way I would implement that. You don't want to pass all the user information with every server call. (If you are on Intranet you might want to use impersonation or something like that.)


Silverlight controls can't access session variables directly as silverlight controls are client side controls.but we can call WCF services to manage session in Silverlight.

We have to Set the session variable in the wcf service as follows.

<ServiceContract(Namespace:="")> _ <AspNetCompatibilityRequirements (RequirementsMode:=AspNetCompatibilityRequirementsMode.Allowed)> _ Public Class PersonService <OperationContract()> _ Public Sub DoWork() ' Add your operation implementation here End Sub ' Add more operations here and mark them with <OperationContract()> <OperationContract()> _ Public Sub SetSessionVariable(ByVal Sessionkey As String) System.Web.HttpContext.Current.Session("Key") = Sessionkey System.Web.HttpContext.Current.Session.Timeout = 20 End Sub <OperationContract()> _ Public Function GetSessionVariable() As String Return System.Web.HttpContext.Current.Session("Key") End Function End Class

By referencing the service to the silverlight application we can set the session variable in .xaml page as follows.

Dim client As Service.PersonServiceClient = New Service.PersonServiceClient() 'Calls the SetSessionVariable() and store values in the session. client.SetSessionVariableAsync("Soumya") We will get the session variable in the .xaml page by calling GetSessionVariable() where we want to check the session Dim client As Service.PersonServiceClient = New Service.PersonServiceClient() AddHandler client.GetSessionVariableCompleted, AddressOf client_GetSessionVariableCompleted client.GetSessionVariableAsync() Private Sub client_GetSessionVariableCompleted(ByVal sender As Object, ByVal e As GetSessionVariableCompletedEventArgs) Try If Not String.IsNullOrEmpty(e.Result) Then MessageBox.Show(e.Result) Else MessageBox.Show("Your session has been expired") End If Catch ex As FaultException End Try End Sub


  • WCF Impersonation and SQL trusted connections?
  • ASP.NET MVC model binder parse decimal differently with GET and POST requests
  • Upload large files 100mb+ to Sharepoint 2010 via c# Web Service
  • Show a link in fpdf
  • Access a shared folder(which is protected)
  • Single Web API controller per resource or less controllers with more custom actions?
  • Dynamically Impersonate a remote user - c# and asp.net
  • Get the computer user name in a web application
  • Google cloud datastore emulator init data
  • Google OAuth2 for an web application hosted behind NAT (intranet server without public IP)
  • How to resolve docker host names (/etc/hosts) in containers
  • Should I be afraid to use UDP to make a client/server broadcast talk?
  • JSR-330 support in Picocontainer : @Inject … @Named(\"xxx)
  • Creating a DropDownList
  • Who propagate bugfixes across branches (corporate development)?
  • Graphics.CopyFromScreen [Web application] + The handle is invalid
  • rspec simple example getting error on request variable in integration test
  • Unable to decode certificate at client new X509Certificate2()
  • ADO and msqli connections very slow
  • Django simple Captcha “No module named fields” error
  • How to attach a node.js readable stream to a Sendgrid email?
  • Meteor: Do Something On Email Verification Confirmation
  • Exception “firebase.functions() takes … no argument …” when specifying a region for a Cloud Function
  • Cannot resolve symbol 'MyApi'
  • Scrapy recursive link crawler
  • How to get address from latitude and longitude android google map v2 [duplicate]
  • C# - Serializing and deserializing static member
  • javaw.exe and eclipse startup problems
  • Spray.io: When (not) to use non-blocking route handling?
  • Apache 2.4 and php-fpm does not trigger apache http basic auth for php pages
  • Bug in WPF DataGrid
  • Incrementing object id automatically JS constructor (static method and variable)
  • Does CUDA 5 support STL or THRUST inside the device code?
  • Release, debug version and Authorization Google?
  • Function pointer “assignment from incompatible pointer type” only when using vararg ellipsis
  • Is there a mandatory requirement to switch app.yaml?
  • using HTMLImports.whenReady not working in chrome
  • Can Visual Studio XAML designer handle font family names with spaces as a resource?
  • How can I remove ASP.NET Designer.cs files?
  • Are Kotlin's Float, Int etc optimised to built-in types in the JVM? [duplicate]