views:

105

answers:

2

I have an image stored which I can view in a browser using http and https.

However, when I bind these url's to my image source I can only see the one which uses http.

Any way for silverlight to support https images?

+2  A: 

Seems to be a problem with the cross-domain / cross-scheme security restrictions in Silverlight.

Here might be a good place to start looking:

http://msdn.microsoft.com/en-us/library/cc189008(VS.95).aspx

You can access resources with a cross-scheme URL (allowed between HTTP and HTTPS) on Silverlight, but you need to explicitly enable this with a security policy file. See Network Security Access Restrictions in Silverlight topic for more information.

James Hollister
+1 - my feeling as well
JML
A: 

From a security point of view a site served as http is a completely diferent site when served as https.

For example imagine that a perfectly normal web site is delivered using the standard http port 80 but is entirely uninterested in delivering any https content and hence the default https port 443 is not in use.

A malicious individual gains some limited access to the server although not being able to do much the attacker may be able to have code run that opens a port listening on 443 and forward the traffic to somewhere where they have more control.

Now if clients assume that although there are somethings it wouldn't send to a different host name are safe to send to the same host on a different port that would turn out in this case to be a mistake.

Hence in many instances the port and the protocol portions of the url are included in the cross-domain equation. In your case you need to add a policy file to explicitly allow this traffic.

AnthonyWJones