SecurityException with Silverlight Web Services

Question

I've been following along with this Silverlight tutorial, using Twitter instead of Digg. Everything is working fine, until I get to the step where I try to get data from the service.

private const string TWITTER_API_URL_FORMAT = "http://api.twitter.com/1/statuses/user_timeline.xml?screen_name={0}";
    private void Button_Click(object sender, RoutedEventArgs e)
    {
        string username = searchBox.Text;
        string url = String.Format(TWITTER_API_URL_FORMAT, username);
        WebClient twitterService = new WebClient();
        twitterService.DownloadStringCompleted += new DownloadStringCompletedEventHandler(twitterService_DownloadStringCompleted);

        label.Text = "Loading... " + url;
        twitterService.DownloadStringAsync(new Uri(url));
    }

    void twitterService_DownloadStringCompleted(object sender, DownloadStringCompletedEventArgs e)
    {
        if (e.Error != null)
        {
            label.Text = String.Format("Error: {0}", e.Error);
            return;
        } 

        // ...
    }

It fails with the following error:

[System.Security.SecurityException] = {System.Security.SecurityException ---> System.Security.SecurityException: Security error.
   at System.Net.Browser.BrowserHttpWebRequest.InternalEndGetResponse(IAsyncResult asyncResult)
   at System.Net.Browser.BrowserHttpWebRequest.<>c__DisplayClass5.<E...

I'm not sure why this is happening. The URL is legit. I have a wp7 Silverlight project that uses this same code, and it works fine. What could I be doing wrong?

Answer 1

You're probably running into a cross site scripting (XSS) error. Take a look here: Making a Service Available Across Domain Boundaries