Silverlight 4 Secure LOB Application - WCF vs WCF Ria Services

3
votes

I am new to Silverlight and i am planning to develop a Secure LOB application which connects to a SQL backend for the company i work for. I have been reading around the topic on services and have read differing views on WCF vs Ria Services, alot relating to Silverlight 3. Seeing as we are now on Silverlight 4 and Silverlight 5 is in Beta i was hoping to get some more up to date answers. Please excuse me if there are gaps in my knowledge as i am learning.

  1. I have read Ria Services is suited to a smaller database. "Smaller Database" was unclear and was wondering if anyone could explain this?

  2. Seeing as RIA services duplicates the SQL/Linq back to the client does this expose any security risks through reverse engineering?

  3. I have read that RIA Services is limited in comparison to WCF Services. In what respect is this limited? If RIA cannot complete some of our logic am i able to implement a normal WCF Service in a RIA Services project?

  4. At the moment we plan to only connect to the services via Silverlight but will RIA Services make this harder if we plan to expand in the future?

  5. Is it possible to run a Silverlight over LAN as well as the internet at the same time?

  6. Is Microsoft heading towards either of the two as standard for future releases?

  7. What would you recommend?

Thanks in advance.

1
wcfsilverlightsilverlight-4.0wcf-ria-services

1 Answers

4
votes

Here are my thoughts. (For full disclosure, I work on the RIA team.)

  1. RIA DomainServices work best when you partition them into Unit-of-Work chunks. However, it can be tricky to tease apart your database relationships to do this correct, and often people will just use a single DomainService for their entire application. The size of the DomainService scales with the number of tables/entities you have so sometimes it gets unwieldy.
  2. Allowing LINQ on the client doesn't expose more than your service would otherwise expose. It really only allows clients to narrow and shape the data that is returned. If you're concerned about security, RIA provides authorization attributes (RequiresAuthenticationAttribute, etc) that can be used to secure your services.
  3. RIA is built on WCF so you have that same power of the underlying framework. However, since RIA does most of the configuration for you, you don't have the same vast spectrum of flexibility.
  4. It may make it easier. See Jeff's post on RiaJS.
  5. Yes.
  6. WCF is already a standard. RIA is built on top of WCF to make common scenarios and rich clients easier.
  7. If RIA seems like a good fit for your application, start there. As your application matures, don't be afraid to mix in a few WCF services where RIA doesn't provide the support you need. With V1, RIA works best when you play by the rules (CRUD operations for Entities, Invoke operations for other things). It wouldn't hurt ask around on the forums to see if people are doing things that you think you'd want to do in your application.