8. RIA to RIA - Local Access. Between Silverlight and HTML objects: JavaScript interface. Between Silverlight applications: local messaging. Diagram labels: Domain 1; Domain 2; Local Message Receiver; Local Message Sender.
9. Single RIA - On-Demand Loading. Diagram labels: Silverlight application; application package (.xap); in-package files; application assembly (.dll); library assemblies; Entry Point; Application Class; resource files; ExternalPart assemblies; on-demand assemblies (cached) (deferred).
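19. Security Mechanisms – Identity Passing. How is identity information passed to the back-end service? Browser-Based (automatic): Windows Authentication; ASP.NET Forms Authentication/Cookies. Message-Based (manual): URL parameters; message header containing Username/Password or Token.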
20. Browser-Based Authentication: Example with Cookies + Forms Auth. Diagram labels: Browser; login, e.g. ASP.NET (User: / Password:); Credentials; YourDomain.com; Auth info (cookie); Service calls + Auth info.
21. Browser-Based Authentication: Login through Silverlight. Diagram labels: Browser; User: / Password:; Call with credentials to ASP.NET Auth Service; YourDomain.com; ASP.NET Auth Service; Reply contains cookie; Service calls + Auth info.
22. Browser-Based Authentication: Using Windows Authentication. Diagram labels: Browser; Windows login (User: / Password:); YourDomain.com; Service calls + Creds.
23. Browser-Based Authentication: Cross-Domain Threat. Diagram labels: MyBank.com login (User: / Password:); Credentials; MyBank.com; Auth info (e.g. cookie); Malicious website; Malicious application; Malicious request + Auth info; Could steal or change data if protection wasn't in place.
24. Message-Based Authentication: Identity managed by Silverlight, not the Browser. Diagram labels: Browser; YourDomain.com; User: / Password:; Creds are added by Silverlight, not browser; Malicious website; No creds.
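
The contrast between slides 23 and 24, as an added Python model that is not part of the original deck: a browser attaches cookies by target domain whichever site initiated the call, while message-based credentials exist only in calls the application itself builds. The header name `X-Auth-Token`, the sample session and token values, the host `malicious.example` and the `block_cross_domain` flag (a stand-in for the protection slide 23 leaves unnamed) are assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample values; every name in this model is hypothetical.
SESSIONS = {"sess-constructed-1": "alice"}   # cookie value -> user
TOKENS = {"tok-constructed-1": "alice"}      # message token -> user

@dataclass
class Request:
    origin: str                      # site whose code initiated the call
    target: str                      # domain that receives the call
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)

class Browser:
    """Attaches cookies by target domain, whichever site initiated the call."""
    def __init__(self, block_cross_domain=False):
        self.jar = {}                # target domain -> cookies
        # Assumed stand-in for the unnamed "protection" on slide 23:
        # refuse calls whose origin differs from the target domain.
        self.block_cross_domain = block_cross_domain

    def send(self, origin, target, headers=None):
        if self.block_cross_domain and origin != target:
            return None              # call never leaves the browser
        cookies = dict(self.jar.get(target, {}))
        return Request(origin, target, cookies, dict(headers or {}))

def cookie_service(req):
    """Browser-based model: identity is whatever the cookie says."""
    return SESSIONS.get(req.cookies.get("auth")) if req else None

def message_service(req):
    """Message-based model: identity must be carried in the message header."""
    return TOKENS.get(req.headers.get("X-Auth-Token")) if req else None

def run_scenarios():
    bank, evil = "MyBank.com", "malicious.example"
    plain, guarded = Browser(), Browser(block_cross_domain=True)
    plain.jar[bank] = {"auth": "sess-constructed-1"}   # user has logged in
    guarded.jar = plain.jar                            # same cookie jar
    app_token = {"X-Auth-Token": "tok-constructed-1"}  # held by the app only
    return {
        "cookie/own site": cookie_service(plain.send(bank, bank)),
        "cookie/malicious site": cookie_service(plain.send(evil, bank)),
        "cookie/malicious site, protected": cookie_service(guarded.send(evil, bank)),
        "message/own app": message_service(plain.send(bank, bank, app_token)),
        "message/malicious site": message_service(plain.send(evil, bank)),
    }
```

In the cookie model the service sees the same identity for the malicious site's call as for the legitimate one unless the cross-domain call is blocked; in the message model the malicious site's call arrives with no credentials.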