Why use a Client Access Policy file

Posted by Corey on October 15, 2008 at 7:20 pm.

An interesting question crossed my plate today: “Why should I use a client access policy or cross-domain policy on my server?” Having come from the server world, I had to remind myself repeatedly that the fundamental difference between Silverlight and ASP.NET is that Silverlight runs on the client and ASP.NET runs on the server.

With this difference comes a difference in the ability to access data.  ASP.NET applications can use HttpWebRequest or call a web service that is not located on the same server.  Since Silverlight runs on the client, it is a potential security risk for it to access data from a server other than the one where the XAP originated.  Hence the introduction of the client access policy (the equivalent is standard practice for Flash).  Briefly, create a file named clientaccesspolicy.xml with the XML content below, and your service/data is ready to be consumed by Silverlight.

For more information about WCF and cross-domain data access, see the list of links below.

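<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <!-- Who may call: any domain, sending any request header -->
      <allow-from http-request-headers="*">
        <domain uri="*" />
      </allow-from>
      <!-- What they may reach: every path on this server -->
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>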
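
The policy above lets a Silverlight application served from any site call every path on the server with any request header. As an added example (not code from the original post), this Python script flags those three broad grants and shows a narrower policy passing; the https://app.example.com origin, the SOAPAction header and the /services/ path are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Same grants as the policy in the post: any origin, any header, every path.
WILDCARD_POLICY = b"""<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="*" />
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true" />
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""

# Constructed example: one named origin, one header, one service folder.
SCOPED_POLICY = (WILDCARD_POLICY
    .replace(b'http-request-headers="*"', b'http-request-headers="SOAPAction"')
    .replace(b'uri="*"', b'uri="https://app.example.com"')
    .replace(b'path="/"', b'path="/services/"'))


def audit_policy(xml_bytes):
    """Return one finding per overly broad grant in a clientaccesspolicy.xml."""
    root = ET.fromstring(xml_bytes)
    findings = []
    for allow in root.iter("allow-from"):
        # "*" lets the caller set any request header on cross-domain calls.
        if allow.get("http-request-headers", "").strip() == "*":
            findings.append("any-header")
        for domain in allow.iter("domain"):
            uri = domain.get("uri", "").strip()
            if uri == "*":
                findings.append("any-domain")
            elif "*" in uri:
                findings.append("wildcard-subdomain: " + uri)
    for res in root.iter("resource"):
        # "/" with subpaths exposes the whole site, not just the service.
        subpaths = res.get("include-subpaths", "false").lower() == "true"
        if res.get("path", "").strip() == "/" and subpaths:
            findings.append("whole-site")
    return findings


if __name__ == "__main__":
    for name, policy in [("wildcard", WILDCARD_POLICY), ("scoped", SCOPED_POLICY)]:
        print(name, audit_policy(policy) or "no broad grants")
```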

References

Making a Service Available Across Domain Boundaries (MSDN)

Use a cross-domain WCF Service in Silverlight

Step By Step - Using Silverlight to Access a WCF Service Hosted In a Console Application

WCF Team Bloggers - Defining Cross Domain Policy
