I have an 3rd Party API I’m wanting to use from my Silverlight 4 Application. It’s interface is simply a web request (NOT A WEB SERVICE!) with form variables. According to everything I’ve read, this is not possible because of security issues? What security issues? Is there no way to do this? I can understand not allowing this with web services, but with simple web requests?
I cannot use my RIA Services gateway because the data is VERY sensitive and I cannot (and do not want to) transmit it under my own SSL cert. This is RIDICULOUS!
To stop Cross Site Request Forgery (XSRF). Without this measure, what’s to stop an attacker from issuing requests to online banking sites (or any site) on the users behalf? Exploiting the fact he may have cookies stored which will allow the request to go through.
It’s too bad the internet has turned into an assumed guilty until proven innocent situation, as I could see many useful, non-malicious, uses for sending web requests.