Home/ Questions/Q 653889
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T22:25:58+00:00

i’ve just read a few posts on hiding Silverlight code in some way. Main

  • 0

i’ve just read a few posts on hiding Silverlight code in some way.
Main conclusion was that you can obfuscate it, but you can’t realy hide it, so secure things must be done at the server.
But then, anyone can see via Fiddler what kind of data is posted to a particular webservice. For instance, they can see that i’m calling UpdateCustomer.asmx.
And if they do, what can i do to stop them from calling that asmx too?
Is there a way to allow only ‘my silverlight app’ to call that method?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I suppose if you wanted to be really paranoid, you could marshal all calls from your client application through one web service endpoint and encrypt the payload…something like:

    • Client application hits endpoint “givemeatoken.asmx”
    • Server generates some key token
    • Client encrypts all calls using said token, passing them to single endpoint “onlyservice.asmx”
    • Server decrypts payload of calls using token, and routes calls to “real” web services.
    • Server retrieves results of call, re-encrypts using token, and passes back to client
    • Client decrypts results and does what it needs to do.

    But that’s just crazy talk….and kind of pointless, since you could reverse engineer the Silverlight code itself to figure out what the “real” services would be. If you really want to secure your app, use authentication; both on the client side and the server side (i.e., calls to the services require an authentication ticket of some sort)

    • 0