Every application, whether a 2-tier or n-tier desktop application used only within an organization or an ASP.NET or Silverlight application accessible across the internet, must consider its threat exposure.
Consider the following:
If we assume that both the client and the transport are exposed and can be compromised, then we need to consider the risks to the application, its users, and the organization. Does your application contain sensitive information which should be restricted to certain users? Does it contain personal information such as an individual's health record or financial data? Are only paid users allowed access? If guest users are permitted, what data and operations can they access?
Silverlight applications have additional challenges. Because it’s often used to create public-facing applications, Silverlight is inherently more dangerous than in-house applications that run behind a firewall or over a VPN. Will your Silverlight application run out-of-the-browser? Will it use Isolated Storage? Will it access services on other domains?
As a developer you must ask all these questions, and many more, as you build and secure your application. In the following sections we'll look at how DevForce can help in authenticating and authorizing users, and other actions you can take to build a secure application.
In the following topics we'll discuss various aspects of securing your application:
Additional Resources
Since we can't cover every aspect of security here, we encourage you to learn more about this topic. Here are a few links to get started: