Silverlight and basic authentication

Silverlight client does not support TransportCredentialOnly to enable Basic authentication. Here is some code to add the basic authentication http header to a standard Silverlight WCF proxy:



            ServiceReference1.ServiceClient svc = new ServiceReference1.ServiceClient(); // binding, new EndpointAddress(“any.txt://”));

           svc.GetDataUsingDataContractCompleted += (s, a) =>




            using (OperationContextScope contextScope = new OperationContextScope(svc.InnerChannel))


                var bc = Encoding.UTF8.GetBytes(@”mymachine\IISUser” + “:” + “Password#1”);

                HttpRequestMessageProperty httpProps = new HttpRequestMessageProperty();

                httpProps.Headers[HttpRequestHeader.Authorization] = “Basic ” + Convert.ToBase64String(bc);

                OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] = httpProps;

                svc.GetDataUsingDataContractAsync(new ServiceReference1.CompositeType() { BoolValue = true, StringValue = “9999” });


Assumption is that the web service and the Silverlight application are served from different servers: otherwise the browser would already be authenticated by the time the web service is called. Therefore cross-domain is also going to be an issue and therefore a crossdomainpolicy.xml would also need to be installed on the web service server. The file will need to include permissions for both SOAPAction and Authentication headers.



Leave a comment