I'm not familiar with the Thinktecture Identity Server. However, based on the documentation from their website, I believe you would implement the DevForce IEntityLoginManager and in the implementation, authenticate against their service by requesting a token from the credentials that you collect from the client (username & hashed password).
You can find more information about implementing custom authentication with the IEntityLoginManager here:
This code to request a token was taken from the Thinktecture docs:
private string RequestToken() {
var client = new HttpClient();
client.DefaultRequestHeaders.Authorization = new BasicAuthenticationHeaderValue("username","password");
var result = client.GetAsync(baseAddress + "?realm=https://server/rp/").Result;
return result.Content.ReadAsStringAsync().Result;
}
You can place the token into the IPrincipal that is returned by the IEntityLoginManager so that you can use it to check against authorization rights later.
I know there's a way for Silverlight to inherit a security token from the website, but I can't remember the code/configuration to do this.
Our professional services team is in a better position to recommend best practices in security, but I hope this helps.
Best,
Ting
Edited by ting - 21-Dec-2011 at 4:43pm