Just want to know what is the difference between clientaccesspolicy.xml and crossdomain.xml files in Silverlight Application. Are both files needed in the root of the domain where the service is hosted to configure the service to allow cross-domain-access.
Not both files are needed in the root of the domain, but I personally think clientaccesspolicy is better because it can also be used to set configuration for Sockets.
Difference are stated in the Documentation in Beta 2
Silverlight supports two types of security policy files:
Flash policy file - the existing crossdomain.xml policy file used by Adobe Flash. This policy file can only be used by the
WebClient and HTTP classes in the System.Net namespace. A Flash policy file must allow access to all domains to be used by the Silverlight 2 runtime.
Silverlight policy file - the Silverlight policy file that can be used by the WebClient and HTTP classes in theSystem.Net namespace and also by the sockets classes in the
System.Net.Sockets namespace. This policy file has a different format than the Flash policy file.
All in all, Silverlight policy can be used by all kinds of Connection between Client and Server.
Refer to your question, if you only put one of them onto the root, cross-domain-access is also allowed, but for crossdomain.xml CrossDomain for Sockets doesn't allow.
I've just wrestled with the cross domain beast all weekend, I don't think I necessarily won, I'm battered and bruised but managed to post my learnings from the struggle
here.
But in a nutshell, you don't need either if you host your SL app with your WCF service. If you want to go cross domain then my experience is that clientaccesspolicy.xml doesn't work, at least not with my setup (WCF service hosted in a console app). You must
not have a clientaccesspolicy.xml and you must have a crossdomain.xml file that looks something like this:
Note the second last line, it's different to what MSDN suggests you use. This works what MSDN has does not work.
Just a note, watching a http sniffer I could see my SL app requesting the clientaccesspolicy.xml file and it was successfully returned by my service...but still the cross domain exception occurred.
Firstly, these files are refered by server only when there is request from different domain to check if the application making the request has sufficient rights to access the service.
Crossdomain.xml File:
This file is defined by Adobe Flash. It can be used if you want your service to grant access to both Adobe and Silverlight application.
ClientAccessPolicy.xml file:
This file is defined by Silverlight. It can be used only granting access to Silverlight applications., however this file provides more granular control over allowed domains.
Whenever there is request from Silverlight application, first the clientaccesspolicy file is checked. If not present crossdomain file is refered to check the permission.
More details can be found in 'Introducing Silverlight 4' by Ashish Ghoda.
Thanks
Abhilash
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
parimaln
Member
120 Points
100 Posts
Difference between clientaccesspolicy.xml and crossdomain.xml
Jun 18, 2008 04:30 AM | LINK
Hi,
Just want to know what is the difference between clientaccesspolicy.xml and crossdomain.xml files in Silverlight Application. Are both files needed in the root of the domain where the service is hosted to configure the service to allow cross-domain-access.
regards,
Parimal
SteveWong
Contributor
6719 Points
1346 Posts
Re: Difference between clientaccesspolicy.xml and crossdomain.xml
Jun 18, 2008 04:42 AM | LINK
Not both files are needed in the root of the domain, but I personally think clientaccesspolicy is better because it can also be used to set configuration for Sockets.
Difference are stated in the Documentation in Beta 2
Silverlight supports two types of security policy files:
Flash policy file - the existing crossdomain.xml policy file used by Adobe Flash. This policy file can only be used by the WebClient and HTTP classes in the System.Net namespace. A Flash policy file must allow access to all domains to be used by the Silverlight 2 runtime.
Silverlight policy file - the Silverlight policy file that can be used by the WebClient and HTTP classes in the System.Net namespace and also by the sockets classes in the System.Net.Sockets namespace. This policy file has a different format than the Flash policy file.
All in all, Silverlight policy can be used by all kinds of Connection between Client and Server.
Refer to your question, if you only put one of them onto the root, cross-domain-access is also allowed, but for crossdomain.xml CrossDomain for Sockets doesn't allow.
SteveWong (HongKong)
Please mark post as answer if they help you
wallism
Member
4 Points
2 Posts
Re: Difference between clientaccesspolicy.xml and crossdomain.xml
Mar 02, 2009 09:00 AM | LINK
I've just wrestled with the cross domain beast all weekend, I don't think I necessarily won, I'm battered and bruised but managed to post my learnings from the struggle here.
But in a nutshell, you don't need either if you host your SL app with your WCF service. If you want to go cross domain then my experience is that clientaccesspolicy.xml doesn't work, at least not with my setup (WCF service hosted in a console app). You must not have a clientaccesspolicy.xml and you must have a crossdomain.xml file that looks something like this:
Note the second last line, it's different to what MSDN suggests you use. This works what MSDN has does not work.
Just a note, watching a http sniffer I could see my SL app requesting the clientaccesspolicy.xml file and it was successfully returned by my service...but still the cross domain exception occurred.
abhilash_shah
Member
14 Points
19 Posts
Re: Difference between clientaccesspolicy.xml and crossdomain.xml
Dec 08, 2010 10:05 AM | LINK
Firstly, these files are refered by server only when there is request from different domain to check if the application making the request has sufficient rights to access the service.
Crossdomain.xml File:
This file is defined by Adobe Flash. It can be used if you want your service to grant access to both Adobe and Silverlight application.
ClientAccessPolicy.xml file:
This file is defined by Silverlight. It can be used only granting access to Silverlight applications., however this file provides more granular control over allowed domains.
Whenever there is request from Silverlight application, first the clientaccesspolicy file is checked. If not present crossdomain file is refered to check the permission.
More details can be found in 'Introducing Silverlight 4' by Ashish Ghoda.
Thanks
Abhilash
Please remember to mark the replies as answers if they help and unmark them if they provide no help.