One of the new features of the client http stack in Silverlight 4 is the ability to supply network credentials. When I use this feature Windows shows a "Windows Security" message box that prompts the user for a login and password (text in the box is "The server xx at xx requires a username and password. Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection)."). I'm setting the login and password as shown below so I'm not sure why this is displayed. My code is:
var request = WebRequestCreator.ClientHttp.Create(new Uri("http://myserver:8080/gui/?list=1"));
request.Credentials = new NetworkCredential("login", "password");
request.BeginGetResponse(new AsyncCallback(OnRequestComplete), request);
If I enter the username and password into the messagebox the request completes successfully. For a number of reasons I'd rather prompt the user for the login and password so I'd like to avoid the messagebox if possible.
My setup is Silverlight 4 final, VS 2010 final, Windows 7 x86. The application is out of browser with elevated permissions.
If you call to the web server is a cross-site call you will have to specify a client access policy on the web server to enable the authorization header. You should either place the XAP file on http://myserver:8080 or add a clientaccesspolicy.xml file to the web site on http://myserver:8080.
Tim Heuer has some more information about how Silverlight 4 enables Authorization header modification.