Silverlight: How to ignore (the absence of) crossdomain.xml with System.Net.WebClient?

Question

I get security exception when using System.Net.WebClient to do HTTP requests, which is due to the fact that crossdomain.xml or clientaccesspolicy.xml on the target server are either missing or are too restrictive. I know there is a good reason for this (cookies and cross-site request forgery), but it does not apply in my case since all I need is doing plain HTTP GET requests to arbitrary URLs without using cookies or anything fancy.

I already thought of an idea of a proxy that will fetch the URLs, but that sounds more like an ugly workaround, not to mention the waste of bandwidth.

What is the way (if there is one) to do it in Silverlight? Am I using the right class?

Answer 1

I think that that is actually not possible, at least with WebClient. The whole idea is to restrict (protect...) the clients from unwanted requests to other servers.

To get around that, what you can do is have a proxy webservice that will call the "arbitrary URLs" from your web server, and pass the results back to the Silverlight client. That way the clients stay protected while you achieve the functionality you want.

Answer 2

Why do you want to get rid of it?

If you profile Silverlight requests...in a cross-domain scenario they always call the clientaccesspolicy.xml file. You cannot change this behavior (internal to the Silverlight runtime). Furthermore, if it doesn't find the clientaccessolicy.xml file its calls the Flash/Flex equivelant (crossdomain.xml). If both don't exist or won't allow requests from that domain, your requests will simply fail.

I wrote an article about using HttpHandlers in order to not have to place those XML files on your local web server and you can make them dynamic. The article is located here:

http://silverlighthack.com/post/2008/11/08/Silverlight-clientaccesspolicyxml-files-for-the-Enterprise-(Part-1-of-2).aspx