When I first started writing web applications for .NET, I found a great article on security which told me how to create forms authentication and protect myself from SQL injection attacks by using stored procedures and parameters.
Today, with Silverlight, we have some additional challenges. The Silverlight code is now on the client's machine. How do we protect access to webforms, passwords, or protect our database control string and stop users from reading or stealing our client code?
Most examples out there today are designed as sales pitches; everything is so easy when error handling and security are completely ignored.
I would love to write an article for you that gave you step by step best practices, but like many of you I am still at the start of this exciting journey, so this is a plea to those who are designing these technologies and evangelising their use.
WE NEED STEP BY STEP EXAMPLES SHOWING SECURITY BEST PRACTICES FOR SILVERLIGHT.
We need examples that can be used by small development teams (1 to 5 people) who are being told by their management (who have just watched or been to one of the flashy launch events) "do me a website like MGM Stargate or NBC Sports or Continental Airlines, that will handle customer orders in a way that will blow Amazon away."
Resources which I had in 2002 when I started with .NET were:
http://msdn.microsoft.com/en-us/library/aa302370.aspx by Timothy Bollefer, Girish Chander, Jesper Johansson, Mike Kass, and Erik Olsen.
A more recent whitepaper for Silverlight 2 security is available here
but it is by no means a step-by-step guide to all of the things you need to do to make your applications secure.
So come on Scott Hanselman, Tim Heuer, Phil Haack, Scott Guthrie, Beth Massi, The Silverlight Developer Team, The Visual Basic Developer Team, you have been challenged to provide step-by-step articles and videos or point us to appropriate references. The articles should be based around Silverlight 3 and technologies which are current today. And, of course, be available in both VB and C#.