Parents: Talk to your kids about Linux. Before somebody else does. -- XKCD
I saw a couple of posts where people were attempting to make GET or POST requests to some service (which, if not same-domain, had the required crossdomain.xml or clientaccesspolicy.xml file) and this service required BASIC authentication credentials.
Normally, you would add an "Authorization" header with the value "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" where the gobblydegook after the word BASIC is username:password converted to a Base64 string. That's standard W3C Header protocol.
Unfortunately, even though there is sample code illustrating this from Karen Corby here, it does not work (she does not actually add an Authorization header, just illustrates how to add a header). It turns out that the "Authorization" header is on the "restricted list". See here for a complete listing. So, if you have been trying to do this, or any similar header that is on the restricted list, you'll only get strange exceptions that make no sense at all, and you can give up and look for a workaround.
Obviously, the easy workaround is to have your own proxy page or service that would accept the requisite username and password on the querystring (encrypted if desired, or as form post fields) and your server-side code would make the full framework HttpWebRequest -- where we do not have such restrictions, and pass the results back to the Silverlight app. An annoyance to be sure, but "it is what it is". Here is an article I recently put together that provides an interesting workaround.