I have silverlight4 application that makes a cross domain request to some other webserver, as forum stackoverflow posts and MSDN, silverlight has restriction making crossdomain requests. But I found out that in silverligh4 and later versions you do can add an exception via clientaccesspolicy.xml to make these requests. I added following xml as my clientaccesspolicy.xml
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
xml files stays at the root of my application. But at the following line i am still thrown the security exception
HttpWebResponse response = (HttpWebResponse)request.EndGetResponse(asyncResult);
Can any one shed some light what i might be missing here. I know there it is possible to host another local service in the application and make requests via that. But I would not want to go that solution.
I'm guessing SL is not reading the XML for some reason.
I'd recommend you start up Fiddler and check the requests made by Silverlight and their responses. It SHOULD look for the XML file when accessing data from a different domain. If it gets a 404 (or other errors) it'll throw a security exception.
Also... just to make sure... you didn't forget about <?xml version="1.0" encoding="utf-8"?> at the start, I hope? And you do remember that the XML file must be on the server the Silverlight application will access, NOT the server hosting the Silverlight aplication, right? ;)
Related
I am trying to include an html template with angular like this
<div ng-include="http://SOME_OTHER_DOMAIN/template.html"></div>
As shown, the template is in another domain, to be more specific in an s3 bucket.
I have full control in this bucket and I have already applied cors configuration like this.
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
As expected the template loads correctly and by inspecting the network traffic chrome show this response headers:
access-control-allow-methods:GET
access-control-allow-origin:*
access-control-max-age:3000
content-encoding:gzip
content-type:text/html
........
Now the strange thing is that without any modification or change, the template stops loading and the browser complains that there is no access control allow policy on the request. And in fact when I inspect the network once again the CORS headers are missing. This happens randomly, and even checking the website from chrome and firefox at the same time, one browser will find the CORS as expected and the other will not.
I have read about the the browser's Same Origin Policy and Cross-Origin Resource Sharing (CORS) policy, but I found this behavior really strange.
I want your suggestions on this, is this even a browser problem, cache related, S3 bug or something else?
I have found some solutions involving a proxy server to just giving CORS to request that don't have, but keeping a server just for this is a little awkard, let alone that s3 has already implemented CORS by default.
Given the intermittent nature of this failure, my guess would be that the browser has cached the html file you're trying to load, and this cached version was not loaded with CORS.
So basically - do you load the file earlier without going through CORS? Then a second request that is cross-domain would require it, but never even leave the browser because the resource has already been cached.
Are you loading the template file directly in your browser by typing in the url to it (not a cross-domain request, because you're accessing it directly out of its bucket)?
One possible fix for this is to add a cache-busting pattern to the url to the template, which would mean the browser cannot cache it e.g. append ?nocache to the end of the template url.
See this answer: https://stackoverflow.com/a/14238351/808532
edit: also, maybe now angular works without this, but shouldn't the url string be single-quoted inside your ng-include attribute?
e.g. ng-include="'http://SOME_OTHER_DOMAIN/template.html'"
I need help to figure out how to make a login on my site on GAE through another site.
I need to validate against another site and will get a xml response like:
<?xml version='1.0' encoding='utf-8'?>
<api version='1'>
<loggedIn/>
</api>
or
<?xml version='1.0' encoding='utf-8'?>
<api version='1'>
<error message="NotAuthorized"/>
</api>
How can I make a login, I have't tried it before.
Any help much appreciated
I found this Post and started making something simple with sessions.
Google App Engine - Getting Sessions working with Python 2.7
http://webapp-improved.appspot.com/api/webapp2_extras/sessions.html
I would like to use the Auth modele instead, but can't figure it out.
http://webapp-improved.appspot.com/api/webapp2_extras/auth.html#api-webapp2-extras-auth
My silverlight application is currently hosted in IIS and is set up to only use HTTPS.
the silverlight web project is the root of the IIS website and the webservices project is a seperate web application mapped to /Services.
I can navigate to my site by using "" and ""
but if I use the second option the site loads fine but I get an error when attempting to access any of my services.
An error occurred while trying to make
a request to URI
'https://localhost/Services/Services/Authentication.svc'.
This could be due to attempting to
access a service in a cross-domain way
without a proper cross-domain policy
in place, or a policy that is
unsuitable for SOAP services. You may
need to contact the owner of the
service to publish a cross-domain
policy file and to ensure it allows
SOAP-related HTTP headers to be sent.
This error may also be caused by using
internal types in the web service
proxy without using the
InternalsVisibleToAttribute attribute
I have Crossdomain.xml and clientaccesspolicy.xml files in the root of my Web Services application and also within the root of the Silverlight Web project.
Crossdomain.xml
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain- policy.dtd">
<cross-domain-policy>
<allow-access-from domain="https://*" secure="true" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
clientaccesspolicy.xml
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="https://*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
I'm not really sure what the problem is.
Thanks
Edit
The following is the what fiddler shows after calling the service. .
With fiddler set up to decode https IE didn't show any extra entries, but with chrome I get the following output
As the error message says, "This could be due to attempting to access a service in a cross-domain way..." Try using some tool such as Fiddler in the client to see what is the actual response from the server. That will give you more information about the issue.
As shown by fiddler your reference file for the service are having pointers to localhost:444 this usually happens when you have both projects in same solution and add the service reference.
I resolved this by right clicking on the frontEnd.Web part of my solution, going to properties and then the Web tab, instead of using an auto assign port option, I changed it to use local IIS server. This got rid of the error.
I have a Silverlight 4 app that is hosted in an ASP Azure web role. The web role exposes a WCF service. (All this is in the same Visual Studio solution.)
I successfully added a reference to the service, and generated client code. However, it causes an error:
ExpenseServiceClient service = new ExpenseServiceClient();
service.GetExpensesCompleted += new EventHandler<GetExpensesCompletedEventArgs>(service_GetExpensesCompleted);
service.GetExpensesAsync();
The callback:
static void service_GetExpensesCompleted(object sender, GetExpensesCompletedEventArgs e)
{
if (e.Error != null)
{
MessageBox.Show(e.Error.ToString());
return;
}
// ...
}
e.Error is the following:
{System.ServiceModel.CommunicationException:
An error occurred while trying to make
a request to URI
'http://localhost:88/ExpenseService.svc'.
This could be due to attempting to
access a service in a cross-domain way
without a proper cross-domain policy
in place, or a policy that is
unsuitable for SOAP services. You may
need to contact the owner of the
service to publish a cross-domain
policy file and to ensure it allows
SOAP-related HTTP headers to be sent.
This error may also be caused by using
internal types in the web service
proxy without using the
InternalsVisibleToAttribute attribute.
Please see the inner exception for
more details.
---> System.Security.SecurityException --->
System.Security.SecurityException: Security error.
at System.Net.Browser.BrowserHttpWebRequest.InternalEndGetResponse(IAsyncResult asyncResult)
at System.Net.Browser.BrowserHttpWebRequest.<>c__DisplayClass5.<EndGetResponse>b__4(Object sendState)
at System.Net.Browser.AsyncHelper.<>c__DisplayClass2.<BeginOnUI>b__0(Object sendState)
--- End of inner exception stack trace ---
at System.Net.Browser.AsyncHelper.BeginOnUI(SendOrPostCallback beginMethod, Object state)
at System.Net.Browser.BrowserHttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)
--- End of inner exception stack trace ---
at System.ServiceModel.AsyncResult.End[TAsyncResult](IAsyncResult result)
at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)
at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
at System.ServiceModel.ClientBase`1.ChannelBase`1.EndInvoke(String methodName, Object[] args, IAsyncResult result)
at ExpenseCalc_SilverLight.ExpenseService.ExpenseServiceClient.ExpenseServiceClientChannel.EndGetExpenses(IAsyncResult result)
at ExpenseCalc_SilverLight.ExpenseService.ExpenseServiceClient.ExpenseCalc_SilverLight.ExpenseService.IExpenseService.EndGetExpenses(IAsyncResult result)
at ExpenseCalc_SilverLight.ExpenseService.ExpenseServiceClient.OnEndGetExpenses(IAsyncResult result)
at System.ServiceModel.ClientBase`1.OnAsyncCallCompleted(IAsyncResult result)} System.Exception {System.ServiceModel.CommunicationException}
Both of these are running on localhost. What am I doing wrong?
Silverlight expects a ClientAccessPolicy.XML file to be present whenever it makes calls that in considers to be "cross domain" (worded that way b/c its fairly strict). Have you set that up? I'm not a SL expert, but that error normally arises when the policy file is not present.
Easy way is to create one at root of your site, so http://localhost/clientaccesspolicy.xml
A pretty loose "allow all" file is something like:
<?xml version=""1.0"" encoding=""utf-8""?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers=""*"">
<domain uri=""*""/>
</allow-from>
<grant-to>
<resource path=""/"" include-subpaths=""true""/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
For more complex scenarios (as may arise in Azure, depending on your architecture), you can create an IIS handler to serve up the expected XML, which allows for dynamic creation of the policy based on the request.
There are plenty of resources on this approach should you decide to go for it, but I'd recommend trying to simple one first to make sure that's the issue.
I don't know much about SilverLight, but I've come across mention of cross domain policies when talking about deploying SilverLight apps that use Azure storage. My Google foo is weak, but you might try one of these links.
I created one solution and then added one project which contains all WCF services. Then i added it's reference to my Silverlight project in the same solution. Now when i try to debug i get one message box saying This Silverlight project you are about to debug is consuming web services. Calls to the web service will fail unless the project is executed in the context of the web which contains the web service. and still if i run it i get this error :-
An error occurred while trying to make a request to URI 'http://localhost:50318/CustomersService.svc'. This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP services. You may need to contact the owner of the service to publish a cross-domain policy file and to ensure it allows SOAP-related HTTP headers to be sent. This error may also be caused by using internal types in the web service proxy without using the InternalsVisibleToAttribute attribute. Please see the inner exception for more details.
This is the detailed exception :-
{System.ServiceModel.CommunicationException: An error occurred while trying to make a request to URI 'http://localhost:50318/CustomersService.svc'. This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP services. You may need to contact the owner of the service to publish a cross-domain policy file and to ensure it allows SOAP-related HTTP headers to be sent. This error may also be caused by using internal types in the web service proxy without using the InternalsVisibleToAttribute attribute. Please see the inner exception for more details. ---> System.Security.SecurityException ---> System.Security.SecurityException: Security error.
at System.Net.Browser.BrowserHttpWebRequest.InternalEndGetResponse(IAsyncResult asyncResult)
at System.Net.Browser.BrowserHttpWebRequest.<>c__DisplayClass5.<EndGetResponse>b__4(Object sendState)
at System.Net.Browser.AsyncHelper.<>c__DisplayClass2.<BeginOnUI>b__0(Object sendState)
--- End of inner exception stack trace ---
at System.Net.Browser.AsyncHelper.BeginOnUI(SendOrPostCallback beginMethod, Object state)
at System.Net.Browser.BrowserHttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)
--- End of inner exception stack trace ---
at System.ServiceModel.AsyncResult.End[TAsyncResult](IAsyncResult result)
at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
at System.ServiceModel.ClientBase`1.ChannelBase`1.EndInvoke(String methodName, Object[] args, IAsyncResult result)
at MVVMDemo.CustomersServiceRef.CustomersServiceClient.CustomersServiceClientChannel.EndGetCustomers(IAsyncResult result)
at MVVMDemo.CustomersServiceRef.CustomersServiceClient.MVVMDemo.CustomersServiceRef.ICustomersService.EndGetCustomers(IAsyncResult result)
at MVVMDemo.CustomersServiceRef.CustomersServiceClient.OnEndGetCustomers(IAsyncResult result)
at System.ServiceModel.ClientBase`1.OnAsyncCallCompleted(IAsyncResult result)}
What should i do?
Thanks in advance:)
If your page hosting the silverlight control and the webservice you are trying to connect are in different domains(in ur case it looks like they are different projects) you will need to add the clientaccesspolicy.xml file to your website.
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
Check out this link for more details