简体   繁体   中英

Silverlight XAP file security

I'm using a standard ASP.NET login page to protect a Silverlight XAP file – I don't want users to be able to download the XAP unless they login in.

To do this I added the following to system.web in the web application's web.config:

<authentication mode="Forms">   
   <forms loginUrl="login.aspx" timeout="30" />
</authentication>
<authorization>
   <deny users="?"/>
</authorization>

If I use the application using the Visual studio development web server then everything works as I expect. However, if I use IIS then you can browse and download the XAP without logging in.

Am I missing something or is this not possible?

在此处输入图片说明

You would have to protect your directory in IIS itself in order to deny the user. Here's some information that should help you out: IIS Secure Content

To run Silverlight application, a browser need to download xap file. That's why it is impossible to protect your xap file from being downloaded.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM