C H A P T E R  8

Securing Your Application

In any business application, securing data and operations appropriately so that only approved users have access should be a significant design factor. Not doing so effectively opens the business to threats from snooping competitors, breaches of privacy laws, and even sabotage. Therefore, designing effective security into your application is extremely important. This generally involves validating users' identities, tracking them and their assigned roles, and restricting their access to approved data and operations accordingly.

However, you should take into account some additional security-related considerations when designing your Silverlight application. For example, if the application is being run outside of the corporate network, you are at risk of your data being sniffed between the server and the client. Also, exposing your services publicly leaves you at risk of someone attempting to access them directly without going through the Silverlight client. Another concern is that your Silverlight application will be available publicly for download, enabling competitors to decompile it and obtain access to potentially sensitive intellectual property, such as algorithms and other assets.

In this chapter, we will take a look at these security-related issues, as well as how to implement restrictions based the users and their roles and the various preventative measures you can take to stop your data, applications, and business from being compromised.