I'm using a ClientAccessPolicy.xml file that I think allows pretty much all access to my WCF service:

    <?xml version="1.0" encoding="utf-8"?>
    <access-policy>
        <cross-domain-access>
            <policy>
                <allow-from http-request-headers="*">
                    <domain uri="*"/>
                </allow-from>
                <grant-to>
                    <resource path="/" include-subpaths="true"/>
                </grant-to>
            </policy>
        </cross-domain-access>
    </access-policy>

So far, I only want to allow my Silverlight application, and my website (MVC2 if that matters) to be able to access the service, but I don't know how I should modify my policy file to do that. I don't really know what type of access each of them needs. Can someone recommend a good resource on how to get caught up with that, as well as a suggestion as to what to specifically do with my clientaccesspolicy.xml file to make my service secure, but still available via BasicHttpBindings and WebHttpBindings?

+1  A: 

Check out HTTP Communication and Security with Silverlight

I found it to be very helpful with these kinds of questions.

DaveB
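
As an added example (not part of the original question or answer), the following script audits a clientaccesspolicy.xml for the three over-broad grants in the policy above and runs the same check on a tighter policy. The tighter policy is constructed: the origin `https://app.example.com` and the path `/Services/` are placeholders, and listing only `SOAPAction` assumes the Silverlight client makes SOAP calls over BasicHttpBinding.

```python
import xml.etree.ElementTree as ET

# Policy from the question: every origin, every header, the whole site.
OPEN_POLICY = """<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="*"><domain uri="*"/></allow-from>
  <grant-to><resource path="/" include-subpaths="true"/></grant-to>
</policy></cross-domain-access></access-policy>"""

# Constructed tighter policy. The origin and path are placeholders; SOAPAction
# is assumed to be the only extra header the SOAP client needs to send.
SCOPED_POLICY = """<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="SOAPAction">
    <domain uri="https://app.example.com"/>
  </allow-from>
  <grant-to><resource path="/Services/" include-subpaths="true"/></grant-to>
</policy></cross-domain-access></access-policy>"""


def audit_policy(xml_text):
    """Return findings for over-broad grants in a clientaccesspolicy.xml."""
    findings = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    for policy in root.iter("policy"):
        for allow in policy.iter("allow-from"):
            # "*" lets the caller attach any request header to its calls.
            if allow.get("http-request-headers", "").strip() == "*":
                findings.append("any request header allowed")
            for domain in allow.iter("domain"):
                uri = domain.get("uri", "").strip()
                if uri == "*":
                    findings.append("any origin allowed")
                elif "*" in uri:
                    findings.append("wildcard origin: " + uri)
        for res in policy.iter("resource"):
            # Granting "/" with subpaths exposes every endpoint on the host.
            subpaths = res.get("include-subpaths", "false").lower() == "true"
            if res.get("path", "").strip() == "/" and subpaths:
                findings.append("whole site granted")
    return findings


if __name__ == "__main__":
    for name, text in (("open", OPEN_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_policy(text) or "no over-broad grants found")
```

The policy file is read and enforced by the Silverlight runtime on the client, so narrowing it limits which Silverlight applications may call the service; server-side callers such as an MVC site do not consult it. Restricting who can reach the service at all still depends on the service's own authentication and authorization.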