Serving clientaccesspolicy.xml through WCF Rest service, while hosting on IIS - silverlight

I am building a simple HTTP file server.
I have an asp.net web application that exposes a WCF service (FileService.svc).
The service contract is:
[OperationContract]
[WebGet(UriTemplate = "/*")]
Stream HandleFileRequest();
The service implementation is quite straightforward and basically I use :
WebOperationContext.Current.IncomingRequest.UriTemplateMatch.RequestUri
To get the path of the file to return (A little parsing is required to extract it).
So for instance, when hosting the app locally on IIS , I can request a file from :
http://localhost:65000/FileService.svc/someFolder1/someFolder2/someFile1.jpg
The problems starts when this request is made from inside a silverlight app. Silverlight searches the clientaccesspolicy file in http://localhost:65000/clientaccesspolicy.xml
The problem is that now, this request won't reach the service because FileService.svc is ommited from the url.
(I want all the file requests to be handled by the WCF service in HandleFileRequest(), and not any other mechanism.)
One solution I can think of is to use the URL Rewrite module of IIS 7.
Is this the right way to do this, or there simpler solution to this ?

The clientaccesspolicy.xml used by Silverlight has to be on the domain root - in your example that would mean http://localhost:65000/clientaccesspolicy.xml. The policy file is unique per domain, not per service. You can, however, set different policies for different services by adding one element for each service in the clientaccesspolicy.xml file, as shown in the example below.
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/FileService.svc/" include-subpaths="true"/>
</grant-to>
</policy>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://some.other.domain"/>
</allow-from>
<grant-to>
<resource path="/AnotherService/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>

Related

Silverlight cross domain error while working in the same domain

I'm trying to access an .asmx web service with ssl and silverlight client application,
things I have done:
1. I have a crossdomain.xml (only need clientaccesspolicy.xml or crossdomain.xml).
2. I have the tag in the serviceReferences.ClientConfig file.
3. when I call the webservice with ssl ("https:// . . .") I get the cross domain error
and when I change the access point to be without ssl ("http:// . . .") It works!
4. I browsed the webservice address with and without ssl, boath works.
how can I get a cross domain error while working at the same domain?...
Make sure you have proper entry for the SSL in the clientaccesspolicy.xaml. You can check out on msdn http://msdn.microsoft.com/en-us/library/cc645032%28v=vs.95%29.aspx. However if your web service is hosted in the same web application as the Silverlight application you can pass a relative path to WS in the endpoint configuration of the client (.ClientConfig) and the crossdomain/clientaccesspolicy files won't be required. For example, instead of using address="http://localhost/Services/ExampleService.asmx" use sth like address="../Services/ExampleService.asmx" (depending on the folder in which the XAP file is located).
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
<domain uri="http://*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
Like this.
For not obvious reason <domain uri="http://*" /> actually helps

clientaccesspolicy.xml not being called

I'm currently trying to put a silverlight web part in place onto our intranet.
As I do not have access to the ClientBin folder of the SharePoint 2010 box, I created a simple list and a content editor web part to host my app.
The silverlight app runs correctly from my local machine (xxxx.int.mydomain.com) but not from the SharePoint site (siteTest.int.mydomain.com).
This app is calling a web service hosted at: http://xxx.mydomain.com/yyy/ws.asmx
I get the following error message:
An error occurred while trying to make a request to URI
'http://xxx.imd.ch/yyy/ws.asmx'.
This could be due to attempting to access a service in a cross-domain
way without a proper cross-domain policy in place, or a policy that is
unsuitable for SOAP services. You may need to contact the owner of the
service to publish a cross-domain policy file and to ensure it allows
SOAP-related HTTP headers to be sent. This error may also be caused by
using internal types in the web service proxy without using the
InternalsVisibleToAttribute attribute. Please see the inner exception
for more details. System.
The clientaccesspolicy.xml file reads:
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
Calling the clientaccesspolicy from the browser is working fine:
<?xml version="1.0" encoding="utf-8" ?>
- <access-policy>
- <cross-domain-access>
- <policy>
- <allow-from http-request-headers="*">
<domain uri="*" />
</allow-from>
- <grant-to>
<resource path="/" include-subpaths="true" />
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
When I use fiddler to try to understand what's happening, I cannot see any request to any xml file.
Could it be related to any specific thing with SharePoint 2010. How could I debug it further?

cross-domain problem on silverlight and wCF access

I wrote WCF service and i also wrote ( in the same solution ) silverlight client.
I trying to access to the WCF service from the silverlight client - and i get cross-domain exception.
this is happening only when i run the system on the server machine ( thru IIS 7.5 )
I tried to run the same system ( the wcf server & silverlight client ) on my local machine
and its does not happened.
The exception:
An error occurred while trying to make a request to URI ‘http://localhost:4522/MyService’. This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP services. You may need to contact the owner of the service to publish a cross-domain policy file and to ensure it allows SOAP-related HTTP headers to be sent. Please see the inner exception for more details.
I saw on the web that i need to add something like ICrossDomainService - but i don't know where i need to define them on my project ( on the silverlight project ? on the WCF server project ? )
Someone can help me please ?
Thanks.
I think you will need to create a client access policy file in the root folder of the web site.
This described here: http://msdn.microsoft.com/en-us/library/cc645032(v=vs.95).aspx
A policy file looks like this, and you will need to tailor it according to your cross-domain requirements. This example was taken from MSDN and probably can't be used without being changed.
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<!--Enables Silverlight 3 all methods functionality-->
<policy>
<allow-from http-methods="*">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/api" include-subpaths="true"/>
</grant-to>
</policy>
<!--Enables Silverlight 2 clients to continue to work normally -->
<policy>
<allow-from >
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/api" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
I'm not too familiar with the schema, but I'd hit MSDN again for that. Something like this might be closer:
</cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource/>
</grant-to>
</policy>
</cross-domain-access>
PLEASE check MSDN to make sure you don't open a security hole!

Silverlight client access policy problem

I have a wcf webservice which I call from my silverlight application, using https, and it works fine without any problems. Now I got to add a new reference to an old service (soap/asmx) from the silverlight client which went ok. Then when I tried to access the service, I get the following errors:
An error occurred while trying to make a request to URI 'http://localhost/OldService.asmx'. This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP services....
Note: that the asmx service is using http instead of https.
My clientaccesspolicy file is as follows:
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
I think you need to use only Silverlight enabled service.
Silverlight works only with *.svc services, so you can not use *.asmx service in Silverlight project.
I have solved it actually, I just made them all https.

silverlight crossdomainpolicy.xml file problem

I have made a silverlight application and I have hosted it on my localhost IIS. and the URL of this application is http://localhost/default.aspx I have developed and other xml-rpc server which is also running on same machine and its address is https://localhost:8000, I am having problem in calling the remote functions from the url https://localhost:8000 I want to know that where should I place the clientaccesspolicy.xml and what should be the contents of that xml file specifically for this case?
You would need to put a clientaccesspolicy.xml file in the root folder of the web site at port 8000.
It could be something like this (although you should decide what the proper security would be best for you scenario):
<?xml version=""1.0"" encoding=""utf-8""?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers=""*"">
<domain uri=""*""/>
</allow-from>
<grant-to>
<resource path=""/"" include-subpaths="" true""/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>

Resources