Skip to main content

English

Home Forums Silverlight Programming Programming with .NET - General Difference between clientaccesspolicy.xml and crossdomain.xml

Answered Question Difference between clientaccesspolicy.xml and crossdomain.xmlRSS Feed

2 replies. Latest Post by wallism on March 2, 2009.

(0)

parimaln
parimaln

Member

Member

120 points

100 Posts

Difference between clientaccesspolicy.xml and crossdomain.xml

06-17-2008 11:30 PM |

Hi,

Just want to know what is the difference between clientaccesspolicy.xml and crossdomain.xml files in Silverlight Application. Are both files needed in the root of the domain where the service is hosted to configure the service to allow cross-domain-access.

regards,

Parimal

SteveWong
SteveWong

Contributor

Contributor

6443 points

1,297 Posts

Silverlight MVP
Answered Question

Re: Difference between clientaccesspolicy.xml and crossdomain.xml

06-17-2008 11:42 PM |

Not both files are needed in the root of the domain, but I personally think clientaccesspolicy is better because it can also be used to set configuration for Sockets.

Difference are stated in the Documentation in Beta 2

Silverlight supports two types of security policy files:

  • Flash policy file - the existing crossdomain.xml policy file used by Adobe Flash. This policy file can only be used by the WebClient and HTTP classes in the System.Net namespace. A Flash policy file must allow access to all domains to be used by the Silverlight 2 runtime.

  • Silverlight policy file - the Silverlight policy file that can be used by the WebClient and HTTP classes in the System.Net namespace and also by the sockets classes in the System.Net.Sockets namespace. This policy file has a different format than the Flash policy file.

All in all, Silverlight policy can be used by all kinds of Connection between Client and Server.

Refer to your question, if you only put one of them onto the root, cross-domain-access is also allowed, but for crossdomain.xml CrossDomain for Sockets doesn't allow.

Regards,
SteveWong (HongKong)
Please mark post as answer if they help you
Client App Dev

wallism
wallism

Member

Member

4 points

2 Posts

Re: Difference between clientaccesspolicy.xml and crossdomain.xml

03-02-2009 4:00 AM |

 I've just wrestled with the cross domain beast all weekend, I don't think I necessarily won, I'm battered and bruised but managed to post my learnings from the struggle here.

But in a nutshell, you don't need either if you host your SL app with your WCF service. If you want to go cross domain then my experience is that clientaccesspolicy.xml doesn't work, at least not with my setup (WCF service hosted in a console app). You must not have a clientaccesspolicy.xml and you must have a crossdomain.xml file that looks something like this: 

<!DOCTYPE cross-domain-policy SYSTEM “http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd”>
<cross-domain-policy>
<allow-access-from domain=”*” />
<allow-http-request-headers-from domain=”*” headers=”SOAPAction” />
</cross-domain-policy>
 
Note the second last line, it's different to what MSDN suggests you use. This works what MSDN has does not work.

Just a note, watching a http sniffer I could see my SL app requesting the clientaccesspolicy.xml file and it was successfully returned by my service...but still the cross domain exception occurred.

Find the question in the answers
  • Unanswered Question
  • Answered Question
  • Announcement

Advertise Here

Questions/Problems with Silverlight.net? | Advertise with us
All Rights Reserved Terms of Use | Privacy Statement
Copyright © 2009 Microsoft Corporation.

ASP.net Silverlight Channel 9 Edge Technet IIS MIX MSDN WindowsClient