Unfortunately, this is not supported. For security reasons, it restricts access to cross-zone, cross-domain, and cross-scheme URLs. These restrictions are designed to prevent networking threats (for example, threats based on a Silverlight 2 application run
from an internet server getting access to resources on a local intranet server).
Here is a nice link which gives a chart for all the schemes:
I am still struggling to understand how a Silverlight app downloaded from a HTTP endpoint calling out to HTTPS pose a security threat.. Maybe I am missing something. Would appreciate insight into the design principle behind the restriction.
Hello, full cross scheme is still not supported, but we already have improvements since Beta 2. Now you should be able to use http -> https or https -> http, but you can't use file -> http, or anything similar.
shanaolanxing - I'll transfer to the Windows Azure team, and will have limited time to participate in the Silverlight forum. Apologize if I don't answer your questions in time.
This is great news, but I'm having problems making it work. I've created a WCF service which I'm able to call successfully over https from a console application (I'm on IIS 7 and I've installed a free certificate from Comodo). Calling the service from the
silverlight client also works fine as long as I access the application over https (no cross-scheming). But when I open the application over http I'm getting the following error message:
An error occurred while trying to make a request to URI 'https://[server-name]/[myservice]'. This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP
services. You may need to contact the owner of the service to publish a cross-domain policy file and to ensure it allows SOAP-related HTTP headers to be sent. Please see the inner exception for more details.
Is there anything else I have to do to make this work?
I've now tried calling the webservice the other way around, with the application downloaded over https and then calling the webservice over http. This works just fine. But I'm still not having any luck with making it work the way I want it to...
ahhmedsherif
Member
69 Points
85 Posts
Cross Scheme access Silverlight 2.0 RC0
Oct 01, 2008 01:54 PM | LINK
Is it true that Silverlight 2.0 RC0 allows cross scheme access ?
I would like to call a HTTPS service from a silverlight client downloaded from an HTTP endpoint ? I couldn't do this using Silverlight 2
amit_pal1979
Participant
1150 Points
202 Posts
Re: Cross Scheme access Silverlight 2.0 RC0
Oct 03, 2008 05:11 AM | LINK
Unfortunately, this is not supported. For security reasons, it restricts access to cross-zone, cross-domain, and cross-scheme URLs. These restrictions are designed to prevent networking threats (for example, threats based on a Silverlight 2 application run from an internet server getting access to resources on a local intranet server).
Here is a nice link which gives a chart for all the schemes:
http://msdn.microsoft.com/en-us/library/cc189008(VS.95).aspx
A similiar post in which answer is provided:
https://silverlight.net/forums/t/27908.aspx
Please mark the post as 'Answered' if it answers your question
ahhmedsherif
Member
69 Points
85 Posts
Re: Cross Scheme access Silverlight 2.0 RC0
Oct 03, 2008 05:17 AM | LINK
I am still struggling to understand how a Silverlight app downloaded from a HTTP endpoint calling out to HTTPS pose a security threat.. Maybe I am missing something. Would appreciate insight into the design principle behind the restriction.
Yi-Lun Luo -...
All-Star
25149 Points
2759 Posts
Microsoft
Re: Cross Scheme access Silverlight 2.0 RC0
Oct 03, 2008 06:00 AM | LINK
Hello, full cross scheme is still not supported, but we already have improvements since Beta 2. Now you should be able to use http -> https or https -> http, but you can't use file -> http, or anything similar.
ahhmedsherif
Member
69 Points
85 Posts
Re: Cross Scheme access Silverlight 2.0 RC0
Oct 03, 2008 11:24 AM | LINK
Brilliant..
This is exactly what I wanted calling out HTTPS services from a client downloaded from an HTTP endpoint
hwsoderlund
Member
429 Points
123 Posts
Re: Cross Scheme access Silverlight 2.0 RC0
Oct 03, 2008 01:57 PM | LINK
This is great news, but I'm having problems making it work. I've created a WCF service which I'm able to call successfully over https from a console application (I'm on IIS 7 and I've installed a free certificate from Comodo). Calling the service from the silverlight client also works fine as long as I access the application over https (no cross-scheming). But when I open the application over http I'm getting the following error message:
An error occurred while trying to make a request to URI 'https://[server-name]/[myservice]'. This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP services. You may need to contact the owner of the service to publish a cross-domain policy file and to ensure it allows SOAP-related HTTP headers to be sent. Please see the inner exception for more details.
Is there anything else I have to do to make this work?
hwsoderlund
Member
429 Points
123 Posts
Re: Cross Scheme access Silverlight 2.0 RC0
Oct 06, 2008 08:31 AM | LINK
(bump)
Has anyone successfully implemented cross-scheme access in RC0 (application hosted on http calling webservice over https)?
hwsoderlund
Member
429 Points
123 Posts
Re: Cross Scheme access Silverlight 2.0 RC0
Oct 06, 2008 04:20 PM | LINK
Just a little follow-up:
I've now tried calling the webservice the other way around, with the application downloaded over https and then calling the webservice over http. This works just fine. But I'm still not having any luck with making it work the way I want it to...
hwsoderlund
Member
429 Points
123 Posts
Re: Cross Scheme access Silverlight 2.0 RC0
Oct 16, 2008 03:13 PM | LINK
Problem solved. In clientaccesspolicy.xml, https has to explicitly allowed. More info here:
http://timheuer.com/blog/archive/2008/10/14/calling-secure-services-with-silverlight-2-ssl-https.aspx
samlan
Member
129 Points
39 Posts
Microsoft
Re: Re: Cross Scheme access Silverlight 2.0 RC0
Nov 11, 2008 09:21 PM | LINK
BTW, here's a good article on this subject: http://msdn.microsoft.com/en-us/library/cc838250(VS.95).aspx