[

RequiresAuthentication]

I think that the [RequiresAuthentication] tag will cause unauthorized direct access to the service calls to fail.

With all of the security options, connection types and information detailing them, it was difficult to see the simplicity of what was already included by default.

Here is a nice blog post about Silverlight authentication which might prove useful. 

1. Uncomment (or add) [RequiresAuthentication] above the service class (in your Website project).
2. Make sure the page you are using to contain the silverlight app is an authenticated page.

Of course, you could use the RequireRole attribute etc. in the service class also... for the whole class or individual methods.

I believe that this is the correct way to secure services hosted in a secure website.

Is all of that correct?

If so, why is it so hard to find online? I still cannot find a discussion of it online.
If not, then I know I can just check System.Web.HttpContext.Current.User.Identity.IsAuthenticated in each service method and return null if it is false. That seems a little silly when there is a [RequiresAuthentication] attribute..

The majority of the info online (including the linked blog) seems to be very complicated. I believe that it is mostly related to running a silverlight app on an unathenticated page or using custom authentication, https, etc. In other words, it is mostly aimed at how to secure the silverlight app when it is not hosted in website's authenticated page. In that case, just like in the case of securing a website itself, the details/options can be very complicated.

I am always looking to save time and to keep things simple. It seems that I can never find information online that helps me do that. It is eiter way too simple or way too complicated to be of much use at all.