Saturday, September 19, 2009

WCF and SilverLight – Cross-Domain issues

If your WCF service and SilverLight app are hosted on 2 separate domains then you might come across the following cross-domain access error:

An error occurred while trying to make a request to URI 'http://xxxx'. This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP services. You may need to contact the owner of the service to publish a cross-domain policy file and to ensure it allows SOAP-related HTTP headers to be sent. This error may also be caused by using internal types in the web service proxy without using the InternalsVisibleToAttribute attribute. Please see the inner exception for more details.

I use Verio to host my web-sites and I had to add this very simple XML information to the root folder to overcome this error: (file should be named crossdomain.xml)

<!DOCTYPE cross-domain-policy SYSTEM "">
<allow-http-request-headers-from domain="*" headers="*"/>


What about using ClientAccessPolicy.xml?

It turns out that you can also use the ClientAccessPolicy.xml file to provide cross-domain access. Here is what the contents should look like (the file needs to be copied to the same location as crossdomain.xml – the root of the website).

<?xml version="1.0" encoding="utf-8"?>
<allow-from http-request-headers="*">
<domain uri="*"/>
<!--Change WCFServiceFolder to reflect your setup -->
<!--If you want to provide access to all folder use /-->
<resource path="/WCFServiceFolder" include-subpaths="true"/>

So which one should you use:

The crossdomain.xml file is used by both SilverLight and Flash apps. But crossdomain.xml does not provide you the fine grained control that ClientAccessPolicy.xml provides (you can see that in my example above, where I provide cross-domain access only to the WCFServiceFolder sub-folder). Also, Silverlight will first check if the ClientAccessPolicy.xml file exists and will use the CrossDomain.xml file only if it doesnt find the ClientAccessPolicy.xml. So its a good idea to use both.

Get more information from this post:
Using Silverlight 2.0 clientaccesspolicy.xml vs. crossdomain.xml for Web-Service cross-domain access (from Cesar da la Torre Blog)

Working in Visual Studio with the Visual Studio Development Server:

Just drop the above ClientAccessPolicy.xml file in to the root folder of your web-service solution and you should be good to go.

No comments: