×

First time here?

You are looking at the most recent posts. You may also want to check out older archives. Please leave a comment, ask a question and consider subscribing to the latest posts via RSS or email. Thank you for visiting!

If you are starting to get into integrating web services with Silverlight, you'll notice that you have to have a cross domain policy file in place on the target server, that is to say, the server hosting the service you want to implement.  There are some public web services (Flickr, YouTube, Digg, etc.) that already have these files in place for Flash, but implement in a slightly different way.

When calling a cross-domain service, Silverlight will check for the existence of clientaccesspolicy.xml first.  This is the format defined by Silverlight and provides a pretty flexible way to define who can access what services.  If not found, it will then default to look for crossdomain.xml, which is the file format implemented for Adobe Flash.  It is important to note that this file will also still work for most public web services.

But now perhaps you are the author of the service that your application is going to consume and/or the public will consume.  There are a few things you want to consider.  First, it would be a best practice to put your service layer on a separate domain other than your site (i.e., api.mysite.com).  In fact, this is how most are doing it these days.  These helps separate more distinctly the services from the web site and also separates the cross-domain security concerns away from the content site versus API access.  Once you have done that you'll want to implement your specific clientaccesspolicy.xml file.

When Silverlight 2 was released to beta, I created some quick helper files to assist me with creating this simple policy file (it is simple, but can get complex depending on how granular you want to define your access).  I figured it might be helpful to some who are implementing services as well.  Sure, they aren't going to save the world, but might save you some quick typing.

Visual Studio Code Snippet

The slcap.vsi file is a Visual Studio Community Installer package which contains "slcap.snippet," which is a Visual Studio code snippet format.  This is an XML snippet, so would be used only in the context of an XML file.  Just double-click on the .vsi file to install and it will walk you through the steps.  I recommend just keeping the defaults.  After it is complete, you now have an Intellisense snippet.  To use it and create a new clientaccesspolicy.xml add a new XML file to your web service site/project named clientaccesspolicy.xml.  It will open a blank XML file by default.  Select all text (CTRL+A).  Then hit the keyboard shortcut for launching XML snippets, CTRL+K,X.

NOTE: For some reason XML snippets don't operate like C#/VB ones do where you type the shortcut, then TAB, TAB.  If anyone knows why, let me know :-)

This will bring up the navigator, then simply navigate to the My XML Snippets, then locate the one you just installed:

Once you select it, there are three literal areas to override the defaults if you wanted. 

UPDATE: As Sean probably ran into below (in comments), the above screenshot does not show the required http-request-headers attribute required on the allow-from node of the policy file.  This is, however, updated in the Intellisense files and the code snippet template.  Thanks Sean for pointing out the screenshot is wrong here.

If you are implementing a completely public web service (open to anyone for cross-domain access), then the defaults will suffice.  When done changing the values, hit enter and you are done.  For those who are not keyboard shortcut masters and would be using a mouse to do all this, it might not be terribly faster to be honest (if the TAB,TAB implementation was there for XML snippets, it would eliminate the arrow up/down to navigate to the snippet).

Get the slcap.snippet here.

Visual Studio Intellisense Files

This next step is a super hack that I originally did and decided it might not be a good idea, but I'll include it here anyway :-).  This involves adding Intellisense files to your VS2008 installation and if you aren't comfortable with that, then move along.

First, you'll want to get the XSD I created, which is very simple and I'm sure doesn't fully conform to the final spec, but lacking that spec, it maps to the format well enough.  Copy the clientaccess.xsd file to the C:\Program Files\Microsoft Visual Studio 9.0\Xml\Schemas location (or wherever VS2008 is installed for you).  Once you've done that you have to add an entry into the catalog.xml file to add the mapping.  Again, not this is my little hack so I created some namespace because there wasn't one defined yet.

Once you have those two files you have Intellisense for your clientaccesspolicy.xml file if you want it.  Following similar steps as above, create the new file.  This time, however, type the root node of <access-policy> but adding the 'xmlns' attribute pointing to the new namespace you just added to the catalog file (note: Intellisense should give you a list to choose from:

Once you have that, then you'll get the rest of the Intellisense for the basic format of the client access policy format.  If you have multiple allow-from/grant-to needs, this Intellisense will support it.

The only lame thing is you have my namespace in there :-).  That is what drives the Intellisense.  Right now you'll want to remove that before deploying the actual file.  Yeah, I know.  But I said this was an early hack of mine didn't I?

Get the Intellisense files here.

What do to with the completed policy file?

Either way, when you are done with the file, it needs to go in the ROOT of the domain.  This is important as it is not the application root, but the root web.  Even if your app is at foo.com/myapp, the policy file needs to be at foo.com/clientaccesspolicy.xml.

Anyhow, maybe these files will help you.  Ideally you won't be using/messing with an access policy file much, but this might save you some clicks and having the docs open next to you :-).


4/7/2008 4:19 AM | # re: Silverlight cross domain policy file helpers
Hey Tim :)

maybe you wanna mention that cross doamin policies are currently not supported for SSL (i.e. HTTPS).

Cheers,
Christian
4/7/2008 5:44 AM | # re: Silverlight cross domain policy file helpers
Hi Tim

Any clue if this supported by silverlight streaming services? I tried several time to get access to the file but doesn't seems to work.

Regards
Laurent Kempé
4/7/2008 8:22 AM | # re: Silverlight cross domain policy file helpers
very nice! no more writing web services that simply relay requests. What will I do with all my free time?
4/7/2008 2:25 PM | # re: Silverlight cross domain policy file helpers
Hi Tim,

Would this apply to Silverlight 1.0 or just 2?
4/7/2008 3:00 PM | # re: Silverlight cross domain policy file helpers
Byron: thanks for the comment for clarification! Silverlight 1.0 does not support cross-domain calls so this applies for Silverlight 2
4/9/2008 7:34 AM | # re: Silverlight cross domain policy file helpers
Hey Laurent and Tim - I'm interested in the same -- the extent to which cross-domain calling is supported by apps running on the Streaming service.

Thanks for a great article Tim! Installed these bits into my VS.
4/9/2008 12:42 PM | # re: Silverlight cross domain policy file helpers
Rob: thanks for the note. See http://timheuer.com/blog/archive/2008/04/09/cross-domain-in-silverlight-streaming.aspx for an example of a streaming app calling a cross-domain service!
5/2/2008 4:08 AM | # re: Silverlight cross domain policy file helpers
Tim,
I have an issue with using a semicolon in the url. I want to call an api, in this format http://somesite/page;xml and this is working when I call it through various different ways. But is not working through the silverlight 2.0 beta 1 release. I think this is being trapped by the policy file in some way, and refused access. Have you any idea if this is the case?
peter
5/2/2008 2:56 PM | # re: Silverlight cross domain policy file helpers
@peter: this is confirmed an issue for beta 1. this was due to some path comparison logic to make the path parsing as secure as possible. the list of allowed characters is expanding and semicolon is already checked in.
5/26/2008 5:48 AM | # re: Silverlight cross domain policy file helpers
I installed the file but I'm still getting a security exception -CrossDomainError-. Could someone please point me in the right direction.
6/2/2008 9:03 PM | # re: Silverlight cross domain policy file helpers
Thanks for timheuer great work!
but there is still some problem here which puzzle me for one day . Maybe Peter and Steghen got the same mistake like me.

The difference is the clientaccesspolicy.xml .if you create the XML file by the given snippet . There will be a "http-request-headers" attribute with the <allow-from> node . By the default from the MSDN , there is no such attribute with the <allow-from> node.

remove the attribute from the node , it work ok!

6/2/2008 9:37 PM | # re: Silverlight cross domain policy file helpers
@Henley: yes you are correct. I recently just updated my code snippet and the link. This new attribute will actually be required for Silverlight 2 Beta 2 and future. I put it in there now to prepare. If you are still using Beta 1, remove it and you will be fine.
7/3/2008 10:29 PM | # re: Silverlight cross domain policy file helpers
I'm using a clientaccesspolicy.xml file as outlined here http://silverlight.net/forums/p/19812/68059.aspx#68059 but it doesn't work. I'm running the VS.NET 2008 built in web server. I'm not sure where its virtual path is referencing. I've placed the file all over but still get the security error. Running SL 2 beta 2.
7/30/2008 11:47 PM | # re: Silverlight cross domain policy file helpers
Thanx You.. Perfect Docs
8/28/2008 4:31 AM | # re: Silverlight cross domain policy file helpers
Cheers for the post. I was wondering about this. I had to design a small widget with ActionScript and they too use a cross domain policy like this:


www.macromedia.com/.../cross-domain-policy.dtd">




I was then wondering if SilverLight has something similar and here is the answer lol. It is chicken and the egg, I think that ActionScript 3.0 had it first but I do prefer the cleaner schema of the SilverLight policy.

Cheers,

Andrew
11/13/2008 11:54 AM | # re: Silverlight cross domain policy file helpers
So, just to verify, Silverlight does NOT support cross-domain access with SSL and basic authentication, correct? Is this something that Flash DOES support? What recourse does a .Net and Silverlight advocate like myself have if this is a requirement of the project?
11/13/2008 4:40 PM | # re: Silverlight cross domain policy file helpers
Mike: Silverlight can support x-domain SSL services (the service has to opt in). As to basic authentication -- you can't specifically set authenticaiton headers in network calls in Silverlight. I'm not sure if Flash supports this or not. We use the browser's network stack and thus we use the authentication already provided via the hosting app of the Silverlight content. If that is the same for your service it should work.
11/26/2008 6:45 PM | # re: Silverlight cross domain policy file helpers
Hi, All

1. I host a web service.

2. Host a silverlight web application on a IIS

The web service and sl app are on different machines.

Case1: Silverlight App's ServiceReferences.ClientConfig's service address is : http://IPAddress:Port/...

The I visit the silver light app both by http://IP/test.html or http://DNSName/test.html. Click the button that invokes the web service, it works correctly.

Case 2: Silverlight App's ServiceReferences.ClientConfig's service address is : http://DNSName:Port/...
The I visit the silver light app both by http://DNSName/test.html. Click the button that invokes the web service, it works correctly. Visit by http://IPAddress/test.html, then click the button, it throw exception of:

CrossDomain issue. Actually, I have already set the crossdomain.xml and clientaccesspolicy.xml which based on BreakingChangesBetweenBeta2andRelease.doc. My silverlight version is R2 Release.

So is that the latest of Silverlight's bug?

Thanks
12/2/2008 7:50 PM | # re: Silverlight cross domain policy file helpers
nairenxunwei: have you looked at the traffic to verify that a policy file is being requested?
1/19/2009 5:19 PM | # re: Silverlight cross domain policy file helpers
I just wasted a few hours using the poorly constructed clientaccesspolicy.xml sample in this blog. What finally worked for me was the following:

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="http://*"/>
<domain uri="https://*" />
</allow-from>
<grant-to>
<resource include-subpaths="true" path="/"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>

Sean
1/19/2009 5:25 PM | # re: Silverlight cross domain policy file helpers
Sean depending on your need, this particular blog post doesn't have a poorly constructed cap.xml file at all...if so, point it out to me. I've indicated that this is for public consumption. It looks like your need was for a particular action (SOAP request) and to allow non-secure callers as well, something I also posted about here timheuer.com/.../...h-silverlight-2-ssl-https.aspx which has the exact policy you just posted in the comments.
1/19/2009 7:29 PM | # re: Silverlight cross domain policy file helpers
Tim, please allow me reword my poorly worded post. The clientaccesspolicy.xml sample listed on this blog does not accommodate Silverlight connectivity to an IIS-hosted WCF service application, whereas the sample CAP I provided includes the missing pieces to facilitate this. In all fairness, your article was written well prior to 2.0 so it wasn't possible to foresee this shortcoming. My suffering was not your fault and I do apologize for my choice of words.

Sean
1/19/2009 9:04 PM | # re: Silverlight cross domain policy file helpers
Sean, ah yes the *screenshots* here are incorrect in one regard that http-request-headers must be set (even if "*"). The intellisense files and template, however, were updated.
2/12/2009 1:28 PM | # re: Silverlight cross domain policy file helpers
Tim, I need to use x-domain ssl services. Do you have an example of how the service can opt in?
2/12/2009 3:56 PM | # re: Silverlight cross domain policy file helpers
3/28/2009 4:53 AM | # re: Silverlight cross domain policy file helpers
After struggelig for dayw trying to get a cross domain web service to work, i finally found a solution.

My setup was a silverlight service hosted under a https address. This silverlight app needed to do a cross domain wcf service call.

I found that the silverlight app would call my clientaccesspolicy.xml file wich was setup just as demonstrated here, but with no luck.

When i finally tried to change from:
<allow-from http-request-headers="SOAPAction">
<domain uri="http://*"/>
<domain uri="https://*" />
</allow-from>
to
<allow-from http-request-headers="SOAPAction">
<domain uri="http://*"/>
<domain uri="https://prosjektweb.domain.no" />
</allow-from>

everything worked.

Before trying this, I think i tried just about everything else, including checking that the correct clientaccesspolicy.xml really was called. The problem was the same weather or not i was doing cross shcema call or not, as long as the silverlight app run in a https context.

Hope this can help out others facing the same problem.

Lasse
3/30/2009 3:31 AM | # re: Silverlight cross domain policy file helpers
Hi Tim,

Thanks for the articles, answers a few questions. I'm having problems with a cross-domain call. I have a wcf webservice hosted using an internal dns i.e. mywebservice.domain.com but my site is a media site with the domain www.domain.tv. Running the project locally it's all fine, on the product site no joy.
I have the clientaccesspolicy as follows but no joy. Get a SecurityException stating it may be due to a cross domain policy error.
<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource include-subpaths="true" path="/"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>

Any help would be appreciated.
Thanks,
Michael
3/30/2009 8:55 AM | # re: Silverlight cross domain policy file helpers
Michael, you should look at Fiddler or web dev helper to see the actual HTTP response to help you track down the issue.
4/6/2009 6:59 AM | # re: Silverlight cross domain policy file helpers
Leon, if there is an HTTP 405 error, that is the server indicating something is wrong...check if you can just browse to those files via a browser.
4/13/2009 12:36 PM | # re: Silverlight cross domain policy file helpers
Hi Tim,

I am trying to get access to a simple xml file but I do not have control over the source server and there is no crossdomain.xml or clientaccesspolicy.xml. How do I access such a resource?

Thanks, Justin.
4/13/2009 12:48 PM | # re: Silverlight cross domain policy file helpers
Justin -- you don't unless you proxy the call (i.e. host your own service that requests it). See timheuer.com/.../...ithout-cross-domain-files.aspx for some other options
4/29/2009 8:47 AM | # re: Silverlight cross domain policy file helpers
Hi Tim,
Really superb.
Gravatar
5/11/2009 12:09 PM | # re: Silverlight cross domain policy file helpers
Hi Tim,

Thanks for the article. I'm trying to use VS to run both the services and the Silverlight client separately, so they are on a different domain. Is there a way to have VS publish the clientaccesspolicy.xml file to the web root instead of the application root?

Thanks, Ed
Gravatar
5/18/2009 5:45 AM | # re: Silverlight cross domain policy file helpers
Hi Tim, I don't know why this cross-domain error appear

I have a Silverlight app that consuming a webservice and they work fine, so
- I'm able to retrieve http://www.mywebsite.com/clientaccesspolicy.xml
- I'm able to retrive the asmx web service http://www.mywebsite.com/mywebservices/myws.asmx

Now I'm trying to test an other SL app, on localhost, that simply use the same webservice

- I have configured the SilverlightApplication1.Web project as a web application
- I have selected the SilverlightApplication1.Web project as the default
- I have add the serviceReference to myws.asmx webservice

but when the SL app runs (localhost:1968/...erlightApplication1TestPage.aspx)

i am getting following runtime error :

"An error occurred while trying to make a request to URI 'http://www.mywebsite.com/mywebservices/myws.asmx'.
This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy
in place, or a policy that is unsuitable for SOAP services. You may need to contact the owner of the service
to publish a cross-domain policy file and to ensure it allows SOAP-related HTTP headers to be sent.
Please see the inner exception for more details."

This is the traffic to my app sniffing with Fiddler

200 localhost:1968 /ClientBin/SilverlightApplication1.xap
304 www.mywebsite.com /clientaccesspolicy.xml

Tanks
5/21/2009 2:30 AM | # re: Silverlight cross domain policy file helpers
Hi Tim,
you'r great first of all xD

ive watched your tutorial and read articles. I am trying to build a website that shows many images. ive added the .XML files and getting data from my host database. its all working on local. but not on web server.

any idea why ?

I set up BitmapImages with uri source to "http://mywebsite.com/showpic.aspx?picID="...

and getting the id of the picture with web service and using outputstream to show image. im new to silverlight, is this way reasonable ?

as i said, its working fine on local
5/21/2009 9:03 AM | # re: Silverlight cross domain policy file helpers
Elroy is there a cross-domain policy in place? if you are using web request methods to get your image, then you'll need that. if you are just setting source properties on Image, you shouldn't. My rule of thumb is look at the traffic, it will tell you what is going on.
5/21/2009 10:41 AM | # re: Silverlight cross domain policy file helpers
Hi again
yes the cross domain policy is in my root, i can see it through www.mypage.com/crossdomain.xml and i tried the client-access also.

ive just checked with fiddler and it shows this
Result: 304
URL: /ClientBin/Silverlightapplication1.xap
Body: 0

and it doesnt show the crossdomain.xml and clientaccess...xml

ty for ur time
5/21/2009 10:52 AM | # re: Silverlight cross domain policy file helpers
the .xap's result turned to 200 now. tried loading all again and worked.
still i cant see the .xml 's in fiddler. is there any iis setting needed ?
sorry for double post.
5/21/2009 11:09 AM | # re: Silverlight cross domain policy file helpers
Doesn't sound like it is x-domain issues then. Take a look in debug mode, add some tests, watch all traffic -- look for the requests to your images and see where it is failing. Hard for me to debug without being over your shoulder.
5/21/2009 12:19 PM | # re: Silverlight cross domain policy file helpers
Silverlight app. is supposed to check if crossdomain.xml and clientaccesspolicy.xml exist while loading, isnt it ?

i checked fiddler on debug and saw anything except those .xml's
xmls are in my root.
5/21/2009 12:23 PM | # re: Silverlight cross domain policy file helpers
Elroy -- no it checks when it makes a x-domain call.
5/24/2009 1:45 PM | # re: Silverlight cross domain policy file helpers
Ed -- you'd probably have to give VS some additional post-build commands to copy the file in the right place.
5/24/2009 1:55 PM | # re: Silverlight cross domain policy file helpers
GL - is the clientaccesspolicy.xml file *properly configured*?
6/8/2009 1:20 PM | # re: Silverlight cross domain policy file helpers
A hard fought lesson I ran into with respect to the crossdomain.xml and clientaccesspolicy.xml files was when accessing SharePoint web services from Silverlight. Not only do these files have to be located in your root web application folder for SharePoint, but you also need to make sure users have READ access to them at the NTFS permission level. Without READ permission, you will get a crossdomain call error.
6/11/2009 6:05 AM | # re: Silverlight cross domain policy file helpers
Hi Tim,
I have a silverlight application which works fine on my local system.But gives me error while hosted in IIS.

I have a Silverlight-Enabled WCF service in "MyProject.Web" project.A service reference in silverlight project is hosting that WCF.(MyProject.Web and silverlight app are in same solution).Everything works fine on my localsystem.But the application fails in IIS throwing the following exception:
An error occured while trying to make a request to URI 'http://localhost:2727/Service.svc'.This could be due to attempting to access a service in a cross-domain
way without a proper cross-domain policy in place, or a policy that is unsuitable for soap services.You may need to contact the owner of the service to publish a
cross-domain policy file and to ensure ita llows SOAP-related HTTP headers to be sent.Please see the inner exception for more details.


Can anyone please suggest how to overcome this error.I have added both policy files but I think they are not detected at all.Pls suggest where the files should be added or some other solution.

Also is there any way to know whether the already added policy files are being detected or not?
6/22/2009 2:21 PM | # re: Silverlight cross domain policy file helpers
Hi Tim -

I've been researching this issue all day, you have a ton of good posts, however, I'm trying to figure out where to put this ClientAccessPolicy.xml file, if I'm working locally and using the visual studio development server. I doubt you'd put it into wwwroot anymore, since thats not being used as the root?

Maybe I'm dense, just haven't seen anything about this.

Thanks.
6/25/2009 1:55 PM | # re: Silverlight cross domain policy file helpers
Jason -- you're not dense...it's a common question when using the local web dev server. See: timheuer.com/.../...cannot-access-web-service.aspx for an explanation.
7/10/2009 5:52 AM | # re: Silverlight cross domain policy file helpers
Hi Tim,

this worked for me until yesterday with SL2. Today I switched to SL3 and this does not work any longer. It seems that there are some changes for the clientaccesspolicy.xml - can you please advice how to go on?
7/10/2009 8:43 AM | # re: Silverlight cross domain policy file helpers
Sven -- nothing has changed in cap.xml -- what is your issue?
8/6/2009 3:11 AM | # re: Silverlight cross domain policy file helpers
Hi tim, thanks for this tutorial but locally everything is ok but when i try it from my web server i have a post method error 405 with the receiver.ashx
And i can browse to this file via my browser.

Here is the error:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>405 Method Not Allowed</TITLE>
</HEAD><BODY>
<H1>Method Not Allowed</H1>
The requested method POST is not allowed for the URL /receiver.ashx.


<HR>
<ADDRESS>Apache/1.3.37 Server at ***.fr Port 80</ADDRESS>
</BODY></HTML>

8/6/2009 3:18 AM | # re: Silverlight cross domain policy file helpers
Actually i'm using your upload file tutorial and i tried to add clientaccesspolicy.xml and a crossdomain.xml but it's not working. Files are not uploaded and i've this 405 error with receiver.ashx
8/6/2009 8:30 AM | # re: Silverlight cross domain policy file helpers
Adrien -- this is a server error that you'd have to make sure you fix. It looks like you are running an Apache server though, so ASPNET wouldn't be supported there (the receiver.ashx file) -- you'd have to create your own code on the server to receive and process the upload POST.
8/7/2009 1:03 PM | # re: Silverlight cross domain policy file helpers
Ok, I am having some issues. Basically, I created a default silverlight application that has a web application in the same solution (so, when you create one in VS2008, what you get by default). I have a Silverlight enabled web service in my web app. When I run it locally, it is fine. I put some code to determine what URL I am running from, and based on that, I change my endpoint service address...so, like the following:
Private Function GetEnv() As EndpointAddress
Dim urla As String
Dim returnstring As String = "http://localhost/StaffDashboard/Service1.svc"
urla = Application.Current.Host.Source.OriginalString
If urla.Contains("localhost") Then
returnstring = "http://localhost:3866/Service1.svc"
ElseIf urla.Contains("vkdev") Then
returnstring = "vkformstrn.vkdev.net/.../Service1.svc"
End If
Me.URL.Text = returnstring
Return New EndpointAddress(returnstring)
End Function

Using this, here is how I call my service
Dim bind As New BasicHttpBinding
Dim proxy As ServiceReference1.Service1Client = New ServiceReference1.Service1Client(bind, GetEnv())
AddHandler proxy.GetCurrentStaffMemberCompleted, AddressOf proxy_GetCurrentStaffMemberCompleted

proxy.GetCurrentStaffMemberAsync()

When I run it locally, it is fine. When I run it on the server after a publish, it does not. What am I missing? I know it is getting the right "environment" because the URI for the endpointaddress object is correct.

Any clue?
8/7/2009 1:17 PM | # re: Silverlight cross domain policy file helpers
Sam -- check the traffic...are you seeing a security message? Are you seeing a request to a policy file that you don't have, etc.
8/24/2009 4:03 PM | # re: Silverlight cross domain policy file helpers
took me hours to find this and i dont know it wasnt on msdn but thanks so much!
9/2/2009 1:20 PM | # re: Silverlight cross domain policy file helpers
Hello Tim!

I have a simple silverlight application, in which I call a webservice, that returns me a string-value. Now I would like to publish the the whole application and put it into the IIS, because my application must run in an intranet. Local work everything fine, but when I put my application in the IIS on my local machine, then I get an CommunicationException. The "clientaccesspolicy.xml" and the "crossdomain.xml" files, I have added to my webproject!

Have you any idea or something else, or can I send you my sampleproject?

Best Regards
Sebastian
9/2/2009 2:17 PM | # re: Silverlight cross domain policy file helpers
Sebastian - remember when you copy your files over your service reference is probably still looking at your local host. Make sure your Silverlight has the right service reference for where you are going to deploy it!
9/2/2009 11:34 PM | # re: Silverlight cross domain policy file helpers
Hi Tim,

I can't follow you! How can I check or change the service reference?

Have you an example?
9/3/2009 8:43 AM | # re: Silverlight cross domain policy file helpers
Sebastian -- when you added the service reference in your Silverlight project, it stores the configuration/URL in ServiceReferences.clientconfig in your SL project. That's where the URL needs to be changed to match where the deployed service actually is.
9/3/2009 11:39 PM | # re: Silverlight cross domain policy file helpers
Thank you Tim,

after manually changing the "ServiceReferences.clientconfig", works it now! But what can I do, when I publish my application to many customers? How could I avoid, that every customer must unzip the ".xap"-file, change every webservicereference and so on?
9/4/2009 8:19 AM | # re: Silverlight cross domain policy file helpers
Sebastian - what do you mean "publish to many customers" -- if you put it on your site isn't everyone going to use the same service?
9/4/2009 10:17 AM | # re: Silverlight cross domain policy file helpers
The Application shouldn't run on our website......the customers can buy this application and get the files, because the application should run in the intranet of our customers! This should almost the same thing like an normal "windows application". Is that possible?
9/14/2009 3:19 AM | # re: Silverlight cross domain policy file helpers
thanks for the comment for clarification!
9/14/2009 3:52 PM | # re: Silverlight cross domain policy file helpers
Sebastian - sure that's possible. In that case I would build in some custom configuration into your application if the service endpoint is not known.
9/17/2009 6:52 PM | # re: Silverlight cross domain policy file helpers
Hi Tim,

i need you help.

My Silverlight App consume a asmx web service. And IP: 192.168.1.115 is my local IP address.
If i use "localhost/.../request.asmx", it works fine.

And it failed to consume "192.168.1.115/.../request.asmx": Cross-domain error shown by Visual Studio 2008.

What I should do now? Create crossdomain.xml? and where to put it exactly.



9/22/2009 5:06 PM | # re: Silverlight cross domain policy file helpers
It's best you look at the traffic to see the actual error. See timheuer.com/.../...ross-domain-404-not-found.aspx
10/28/2009 4:26 PM | # re: Silverlight cross domain policy file helpers
here was an error downloading 'http://localhost:52332/WebDataService1.svc'.
The request failed with HTTP status 400: Bad Request.
Metadata contains a reference that cannot be resolved: 'http://localhost:52332/WebDataService1.svc'.
The remote server returned an unexpected response: (400) Bad Request.
The remote server returned an error: (400) Bad Request.
If the service is defined in the current solution, try building the solution and adding the service reference again.
10/28/2009 4:30 PM | # re: Silverlight cross domain policy file helpers
I am at my wits end
all of a sudden, I cannot create a webservice using Silverlight 3 and ado 1,5 ctp1 ..
reinstalled vs2008 sp1 and keep getting the above message

Thse are simple simple tests brant new vs2008 project .. create ado entity model
works fine .. create 1.5 ctp .. works fine .. try to connect with a service reference .. it bombs ..with above message .. help, help, help?
11/10/2009 10:23 AM | # re: Silverlight cross domain policy file helpers
I am having trouble getting this working at even a basic level. I am running VS 2008 SP1 and SL 3.
I created a new Silverlight solution and added a page that had a couple of text boxes and a button. Next I added a Web Service (ASMX) project. I added to the ASMX project a method that added some text to a string. Then I called this web service from button click event. So I essentially recreated the demo on the video. It did not work!

When I run in VS I the async result call returns: An error occurred while trying to make a request to URI 'http://localhost:2500/Service1.asmx'. ...
So essentially a cross-domain error from within the VS web server. I tried setting a specific port and this did not help.

Suggestions?
11/10/2009 4:39 PM | # re: Silverlight cross domain policy file helpers
Jerry -- that doesn't mean a x-domain error occured...have you looked at the actual request using fiddler or anything to see what the HTTP response is looking like?
11/11/2009 9:43 AM | # re: Silverlight cross domain policy file helpers
I have no idea why a Silverlight client would care whether an xml exists on the server on not. The onus of securing the web service lies with the server, why does the client need to care about it? We have a web service that allows unrestricted access but a Silverlight client refuses to connect to the web service unless we put the crossdomain xml files on the server. It is such a dumb idea? Cant believe Microsoft came up with that. :o
11/11/2009 10:06 AM | # re: Silverlight cross domain policy file helpers
aman -- Microsoft didn't come up with it if you read above. See http://www.crossdomainxml.org for some history. It was actually a Flash implementation to protect cross-site security attacks since browser networking stacks haven't been updated to support these scenarios. As a service/app provider, this is something you want currently to protect/prevent cross-site scripting attacks.
12/2/2009 1:37 AM | # re: Silverlight cross domain policy file helpers
Referring to your quoted: ... it would be a best practice to put your service layer on a separate domain other than your site (i.e., api.mysite.com). In fact, this is how most are doing it these days. These helps separate more distinctly the services from the web site and also separates the cross-domain security concerns away from the content site versus API access...

We have to apply this philosophy very strictly at a client, but their API resides on a private URL. Everything works well until we try to access the public website from the internet. Fiddler clearly shows that it cannot open the clientaccesspolicy.xml since it is not accessible from the public domain. Is it possible to use the API on a private URL as with ASP.net or should we follow another strategy? This is becoming a showstopper for our Silverlight implemetation.
12/2/2009 4:20 AM | # re: Silverlight cross domain policy file helpers
Hi Tim

Referring to the comment above (pardon the typing mistakes on it). I found the following on the MSDN

URL Access Restrictions in Silverlight
msdn.microsoft.com/en-us/library/cc189008(VS.95)
...Cross-zone access is blocked even if a security policy file on the target
server would allow the resource to be accessed...

that probably explains our predicament.

The only solution we can think of is to reference the api services on the intranet via a 2nd set of services on the public domain.

Do you have another solution or strategy that we should rather follow?

Robert
12/2/2009 10:01 AM | # re: Silverlight cross domain policy file helpers
RobertHartman -- yes, Silverlight is a client technology -- any service it needs will need to be accessible from whatever client has the SL app.
12/2/2009 11:56 AM | # re: Silverlight cross domain policy file helpers
Thanks for the quick confirmation, Tim.

Must admit it looks pretty obvious now, though the cross-zone limitation is not mentioned in any Silverlight discussion on cross-domain requirements. Might be worthwhile mentioning it more pertinently.

Is there any intention to allow authenticated cross zone access in future releases while we proceed with API service duplication for now?
5/24/2010 7:19 PM | # re: Silverlight cross domain policy file helpers
Tim,

I have a different but interesting cross-domain problem. I have a silverlight app talking to a WCF service, with a working crossdomainpolicy.xml. The service, I'll call it Service1, is sitting on my webserver in IIS6 and it all works great - it basically just works against a SQL database. When I load the Silverlight application to the website it still runs without a hitch. Yay!

I also have a WinForms hosted WCF service running locally, called Service2. The client would have this program installed on their machine. It's different code, but it inherits from the same service contract/interface so it has an identical footprint - it just works against the local file system instead of a database. When I am developing, I can simply create a second instance of Service1 (but using a constructor with the new localhost endpoint) because they have the same exact footprint/contracts and it works beautifully. I can run them both at the same time. But once I move the Silverlight project to the webserver, I get a cross domain policy issue with Service2. Service1 is still happy. But silverlight says it can't find the cross domain file, but it's here, sitting right where it was when the silverlight was running local in my Visual Studio environment.

Could this be because I am consuming 1 service and making 2 instances of it? Could this be fixed by simply making sure the services do NOT look identical and my silverlight project then can reference both? The reason I went the route I did is so that I would not have to have duplicate objects in different namespaces from both services which would cause me to have to write 1 to 1 conversions with all of those objects.

I know this is a wild one, but do you see where I am coming from and what might be going on?

Great blog entry for those having issues with this stuff. It's a bit painful the first time you work with these things.

Jason
5/26/2010 11:02 AM | # re: Silverlight cross domain policy file helpers
I think my issue may be that Silverlight is not allowed to access localhost, regardless of clientaccesspolicy.xml when it does not originate from the same localhost. Using firebug, I never even see a call to localhost/clientaccesspolicy.xml when it's delployed to my webserver.

I also can't seem to find any documentation on this to verify that this is true. Anyone know?

Jason
6/10/2010 6:23 AM | # re: Silverlight cross domain policy file helpers
Tim,

Actually i have question for you...

I am developing the silverlight application for govement agency.

My scenario is:

I am hosting a silverlight web application in https:// (secured zone).

From there i am calling the webservice . because my webservice is in NLB Server

http://xxx.com:7430/services/service.svc.

I tried multtiple time . It showing cross domain policy..

I am verymuch frustrated.


My policy file:

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://odntst1:7430" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true" />
</grant-to>
</policy>
</cross-domain-access>
</access-policy>

Please help me on this issue ( https => to http webservice)
6/14/2010 1:04 PM | # re: Silverlight cross domain policy file helpers
I hope in the next releases it will be more simple, with only few clicks.
7/7/2010 9:22 PM | # re: Silverlight cross domain policy file helpers
I tried running your Amz sample with SL4 on windows 7 ... I am getting a security or maybe something else error

I believe the clientaccesspolicy file is ok, its in the bucket


An error occurred while trying to make a request to URI 'http://akcapsis/soap'. This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP services. You may need to contact the owner of the service to publish a cross-domain policy file and to ensure it allows SOAP-related HTTP headers to be sent. This error may also be caused by using internal types in the web service proxy without using the InternalsVisibleToAttribute attribute. Please see the inner exception for more details.

<?xml version="1.0" encoding="utf-8" ?>
- <access-policy>
- <cross-domain-access>
- <policy>
- <allow-from http-request-headers="SOAPAction">
<domain uri="*" />
</allow-from>
- <grant-to>
<resource include-subpaths="true" path="/" />
</grant-to>
</policy>
</cross-domain-access>
</access-policy>

Client config file looks like so:



<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="AmazonS3SoapBinding" maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647" />
<binding name="CustomAWS" maxBufferSize="65536" maxReceivedMessageSize="65536">
<security mode="None" />
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://akcapsis/soap" binding="basicHttpBinding" bindingConfiguration="CustomAWS"
contract="AWS.AmazonS3" name="AmazonS3" />

</client>
</system.serviceModel>
</configuration>
8/10/2010 12:32 PM | # re: Silverlight cross domain policy file helpers
good info -- I am having a similar info where the II6 websever is returning 304 when the clientaccesspolicy.xml file is requested from the server..
I am able to directly load the clientaccesspolicy.xml from the webserver. ( ie http://webserver/clientaccesspolicy.xml. But when the silverlight app tries -- I get the 304
Gravatar
8/14/2010 2:43 AM | # re: Silverlight cross domain polisdfcy file helpers
rw
8/18/2010 5:05 PM | # re: Silverlight cross domain policy file helpers
Dear.
God.
Is there NO way to tell on'e Silverlight app to ignore all this security rubbish and just DO IT!! ??????
10/28/2010 12:19 AM | # re: Silverlight cross domain policy file helpers
Hi Tim,

I have a different story to share with you.

I am developing a new application in SL 3.0 (VS 2010) and using a already running Web Service that was developed in .NET 2.0. New SL app is on my local machine and is on a different domain than the existing Web Service.

I ran into this issue of not able to access web service from SL application at runtime. I created a new ClientAccessPolicy.xml file and copied it to root website folder wherein web service is deployed as suggested everywhere. But it didn't work. As it didnt work, I even tried copying it to Web Service folder but to no avail. As nothing worked for me, I created CrossDomain.xml file and copied it to root website folder and voila!! it worked.

Can you explain why is it so?
12/4/2010 7:45 AM | # re: Silverlight cross domain policy file helpers
have a different but interesting cross-domain problem. I have a silverlight app talking to a WCF service, with a working crossdomainpolicy.xml.Weather Station The service, I'll call it Service1, is sitting on my webserver in IIS6 and it all works great - it basically just works against a SQL database. When I load the Silverlight application to the website it still runs without a hitch. Yay!

I also have a WinForms hosted WCF service running locally, called Service2. The client would have this program installed on their machine. Weather Stations It's different code, but it inherits from the same service contract/interface so it has an identical footprint - it just works against the local file system instead of a database. When I am developing, I can simply create a second instance of Service1 (but using a constructor with the new localhost endpoint) because they have the same exact footprint/contracts and it works beautifully. I can run them both at the same time. But once I move the Silverlight project to the webserver,Weather Stations I get a cross domain policy issue with Service2. Service1 is still happy. But silverlight says it can't find the cross domain file, but it's here, sitting right where it was when the silverlight was running local in my Visual Studio environment.

Could this be because I am consuming 1 service and making 2 instances of it? Could this be fixed by simply making sure the services do NOT look identical and my silverlight project then can reference both? Weather Station The reason I went the route I did is so that I would not have to have duplicate objects in different namespaces from both services which would cause me to have to write 1 to 1 conversions with all of those objects.Weather Stations


I know this is a wild one, but do you see where I am coming from and what might be going on?

Great blog entry for those having issues with this stuff. It's a bit painful the first time you work with these things.Wireless Weather Stations
1/13/2011 3:42 AM | # agree with you
Hello,

I'm getting

"{System.ServiceModel.CommunicationException: An error occurred while trying to make a request to URI This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP services. "70-646 dumps

error when my Silverlight application in Web Role tries to access a WCF service hosted in a Worker Role. I attached crossdomain.xml and clientaccesspolicy.xml files to my worker role project which contains WCF service. But still Silverlight client is failing with above error (note that same WCF service can be accessed from a windows console client without any error). Web development helper tool always shows 404 error for both crossdomain.xml and clientaccesspolicy.xml files when client tries to access. 70-662 dumps

Is there any special way to attach cross domain and client access policy files to worker role projects ? Where does Azure keep these files at the runtime ? Looks like Azure doesn't deploy my XML files to ROOT (not sure where this folder is) of WCF service running in Worker role. Note that I'm using Windows Azure SDK 1.2.

Thanks and regards
350-018 dumps|642-524 dumps

1/27/2011 5:07 AM | # Rent
Yup there any special way to attach cross domain and client access policy files to worker role projects ? Where does Azure keep these files at the runtime ? Looks like Azure doesn't deploy my XML files to ROOT (not sure where Rent A Property
2/20/2011 12:12 PM | # informative article
I am developing a new application in SL 3.0 (VS 2010) and using a already running Web Service that was developed in .NET 2.0. New SL app is on my local machine and is on a different domain than the existing Web Service.H and A Admissions Consulting
4/13/2011 2:18 AM | # re: Silverlight cross domain policy file helpers
I am trying to get access to a simple xml file but I do not have control over the source server and there is no crossdomain.xml or clientaccesspolicy.xml. How do I access such a resource? Plaster Walls
5/5/2011 10:30 PM | # re: Silverlight cross domain policy file helpers
I created a new Silverlight solution and added a page that had a couple of text boxes and a button. Next I added a Web Service (ASMX) project. I added to the ASMX project a method that added some text to a string. Then I called this web service from button click event. So I essentially recreated the demo on the video. It did not work!Muck Truck

 
Please add 6 and 4 and type the answer here:

DISCLAIMER:

The opinions/content expressed on this blog are provided "ASIS" with no warranties and are my own personal opinions/content (unless otherwise noted) and do not represent my employer's view in any way.