Silverlight 3 ClientAccessPolicy.xml

WHY DO WE HAVE SILVERLIGHT CLIENTACCESS POLICY.XML FILE?

But before going in detail of this ….  first we see how this file look and where do we have to keep this…

ClientAccessPolicy.xml (Traditional)

<?xml version=”1.0″ encoding=”utf-8″?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri=”*”/>
</allow-from>
<grant-to>
<resource path=”/” include-subpaths=”true”/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>

But, with Silverlight 3 we have to make some changes  in the file –

<?xml version=”1.0″ encoding=”utf-8″?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers=”*>

<domain uri=”http://*”/><domain uri=”https://*”/&gt;

</allow-from”>
<grant-to>
<resource path=”/” include-subpaths=”true”/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>

WHERE DO WE KEEP IT ?

under inetpub > wwwroot folder in C:

COMING BACK – Why do we need this.

Basically, when one has to access some services for eg: WCF service and it is hosted in some other domain and the same service has to be accessed in silverlight application which is in some other domain then we have to make use of this file and keep the same in the inetpub root folder.

COMING TO THE TECHNICAL DETAILS :

Silverlight 3 provides the following two means for network applications to connect with the remote host :

1.) WebClient and HTTP classes in System.net namespace – these classes use HTTP and HTTPS protocol for n/w connection.

2.) Socket Classes in System.Net.Sockets namespace – these classes provide a low-level socket interface.

So, now for both there is need to provide the security and prevent Silverlight Application from providing access to unauthorized connections. These attacks can be –

DOS (Denial of Service attacks), DNS Rebinding attacks, Reverse tunnel attacks.