Silverlight Cross Domain Policies

Question

In a silverlight application, I want to access the page the silverlight .xap file from an HTTP subdomain, but have the web services access a different subdomain for sensitive information over HTTPS.

I set up clientaccesspolicy.xml at the root of the subdomain and it lets the silverlight app access its services over http, but not over https. It gives the cross domain access error that it would give normally without a clientaccesspolicy in place.

I know that browsers themselves have a lot of restrictions about mixing http and https. Am I trying to do something that is not allowed?

Answer 1

Check out:http://silverlight.net/forums/t/12741.aspx

You can either make https calls to the same domain or http cross-domain calls, but not https cross-domain calls.

This is described in http://msdn2.microsoft.com/en-us/library/cc189008(VS.95).aspx

(see "If not HTTPS" in the matrix) By JohnSpurlock

Answer 2

This is out of date since Silverlight 2.0 was released. You can now do most cross-domain scenarios with the appropriate configuration. http://msdn.microsoft.com/en-us/library/cc197955(VS.95).aspx

Answer 3

The important thing to note here that is not in the above information clearly is you must have access to the "ROOT" level of the domain request, and the clientaccesspolicy.xml must reside at that level.

If for example you have a production environment that your application is behind a load balancer that directs traffic as most large companies do to your application via the URI, you then have a little bit of a problem.

Example: http://mydomain.com/MyApplication/* goes to your server, where your app resides. http://mydomain.com/clientaccesspolicy.xml is where the policy exists.