|  Login
 Live Silverlight 2.0 Webservice Example
 The Module

When calling web services you do not want to transmit unencrypted passwords over the network. Simply encrypting the passwords is not enough because the username / encrypted password combination can be captured with a packet sniffer or retrieved from the web browser cache and used to access the web service.

The module creates a unique random password each time the module is accessed.

If you are not logged in and you click the button you will see:

If you are logged in you will see your name:

The Code

The module demonstrates techniques which should prove to be important when creating Silverlight 2.0 applications that communicate with DotNetNuke:

  • Creating a unique temporary password
  • Passing this password and other relevant information to the Silverlight application from the DotNetNuke website
  • Calling a web service from Silverlight 2.0

Creating a unique temporary password

A simple library using code borrowed from the IWeb project is used to create a temporary password for the current user:

strPassword = IWebXAMLSupport.SetXAMLCall(objUser, ModuleId, 1);

The password as well as other parameters are set on the Silverlight control:

SilverlightControl.InitParameters = String.Format("PortalID={0},ModuleId={1},UserID={2},Password={3},WebServiceURL={4}", intPortalID.ToString(), ModuleId.ToString(), intUserID.ToString(), strPassword, strWebServiceURL);

The Silverlight control passes the parameters to the App.xaml.cs file which passes the parameters to the constructor of the code behind class for the XAML file that displays the button:

private void Application_Startup(object sender, StartupEventArgs e)
{
  // Load the main control
  this.RootVisual = new Page(e.InitParams["PortalID"], e.InitParams["ModuleId"], e.InitParams["UserID"], e.InitParams["Password"], e.InitParams["WebServiceURL"]);
}

When the button is clicked, these parameters are used to make a web service call to the DotNetNuke website and display the response:

void btnButton_Click(object sender, RoutedEventArgs e)
{
  var proxy = new WebServiceSoapClient();
  EndpointAddress MyEndpointAddress = new EndpointAddress(strWebServiceURL);

  proxy.Endpoint.Address = MyEndpointAddress;
  proxy.GetUserCompleted += new EventHandler<GetUserCompletedEventArgs>(proxy_GetUserCompleted);
  proxy.GetUserAsync(intPortalID, strModuleId, intUserID, strPassword);
}

void proxy_GetUserCompleted(object sender, GetUserCompletedEventArgs e)
{
  btnButton.Content = e.Result.ToString();
}

Secure Web Services

This method provides secure web services because:

  • The DotNetNuke password is never displayed on any page or transmitted over the network.
  • The password changes each time the page is accessed so a page (and the username / password combination) retrieved from the web browser cache (for example if the page were accessed at a public internet cafe) will contain a password that has either been changed, expired, or due to expire soon (the last username / password combination expires after 1 hour. This can be set to a lower number for greater security).
 Download Code

To make this work you will need to use the latest DotNetNuke and then open the site Using the latest Visual Studio 2008(or Visual Web Developer Express 2008). Use Open Web Site. When the box appears to upgrade the site to asp.net 3.5 say yes. You also need to add systems.web.silverlight dll (you can get this from the source code version) to the DotNetNuke "bin" folder. You also need to add the MIME Type to your web server.

 Silverlight2Webservice_02.00.00_Install.zip

Source code for the Silverlight program:

Silverlight2Webservice.zip