R – Silverlight + WCF Service with custom username/password

passwords, silverlight, wcf

We have a WCF service with custom username/password authentication. The service runs over SSL.

On our existing WPF application we pass the username and password combination to the service every time it is called (i.e. we don't have any sessions with the service). The credentials are stored in memory on the client application.

Now we are looking at using Silverlight, and I'm thinking that storing the credentials in memory is going to pose a security risk.

What is the recommended advice for storing credentials when using a custom username/password service?

Thanks in advance
Matt

Best Answer

It's a security risk in both WPF and Silverlight. In my app I'm planning to use Authentication through message headers by implementing an operation behavior, but I'm going to pass a token rather than a username/password.
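
A sketch of the token-in-header approach the answer describes, added here as an example and not the answerer's code. It uses an endpoint behavior with message inspectors rather than an operation behavior; the header name, namespace, and the `getToken` / `isValid` delegates are hypothetical, and the two classes belong in the client and service projects respectively.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

// Hypothetical header name and namespace; client and service must agree on them.
static class AuthHeader
{
    public const string Name = "AuthToken";
    public const string Ns = "urn:example:auth";
}

// Client side: attaches the current token to every outgoing message,
// so the username/password only has to be sent once, at login.
public class TokenClientInspector : IClientMessageInspector, IEndpointBehavior
{
    private readonly Func<string> _getToken; // assumed: returns the token issued at login

    public TokenClientInspector(Func<string> getToken) { _getToken = getToken; }

    public object BeforeSendRequest(ref Message request, IClientChannel channel)
    {
        request.Headers.Add(MessageHeader.CreateHeader(AuthHeader.Name, AuthHeader.Ns, _getToken()));
        return null; // no correlation state needed
    }
    public void AfterReceiveReply(ref Message reply, object correlationState) { }

    public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime runtime) { runtime.MessageInspectors.Add(this); }
    public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher dispatcher) { }
    public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection parameters) { }
    public void Validate(ServiceEndpoint endpoint) { }
}

// Service side: rejects any call whose token the validator does not accept.
public class TokenDispatchInspector : IDispatchMessageInspector
{
    private readonly Func<string, bool> _isValid; // assumed: checks the token against the issued-token store

    public TokenDispatchInspector(Func<string, bool> isValid) { _isValid = isValid; }

    public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext context)
    {
        int i = request.Headers.FindHeader(AuthHeader.Name, AuthHeader.Ns); // -1 when the header is absent
        if (i < 0 || !_isValid(request.Headers.GetHeader<string>(i)))
            throw new FaultException("Authentication token missing, invalid or expired.");
        return null;
    }
    public void BeforeSendReply(ref Message reply, object correlationState) { }
}
```

The token still travels in the message, so the SSL transport from the question remains necessary; a short server-side expiry limits what a token recovered from client memory is worth.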
