Cross-Domain Calls and Policies

Silverlight enforces a level of protection so that it cannot be used to invoke web services that are on a different domain than the server that hosts the Silverlight application. For example, a Silverlight 2 application that is hosted on silverlight-data.com can request services that are also hosted on silverlight-data.com. However, if a Silverlight 2 application that is hosted on yourmailserver.net requests a service that is hosted on silverlight-data.com, by default the application’s request will not be permitted (see Figure 5-7).


Figure 5-7. Cross-domain access

Understanding Cross-Domain Restrictions

As a security precaution, Silverlight does not allow calls across domain boundaries. By default, this measure prevents a Silverlight application from accessing any web service hosted on a domain, or domain-and-port combination, that differs from the one hosting the application. The target site can specify which domains can access its services by placing the Silverlight policy file (clientaccesspolicy.xml) or the Flash policy file (crossdomain.xml) at the website’s root. At least one of these files must exist in the website’s root. Remember that the policy file must be placed at the website’s root, not at the web application’s root.
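The following Python sketch is an added example, not code from the book: it parses a clientaccesspolicy.xml and reports whether a given caller origin is granted a given path, and which domain entries are wildcards. The sample policy, the /services path, and the helper names are assumptions, and the wildcard matching is a simplified model of Silverlight's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a policy served from http://silverlight-data.com/clientaccesspolicy.xml
SAMPLE_POLICY = """<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="SOAPAction">
        <domain uri="http://yourmailserver.net"/>
      </allow-from>
      <grant-to>
        <resource path="/services" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""

def parse_policy(xml_text):
    """Return [(domain_uris, [(path, include_subpaths), ...]), ...], one per <policy>."""
    # Audit helper: run it on policy files you control or trust.
    rules = []
    for policy in ET.fromstring(xml_text).iter("policy"):
        domains = [d.get("uri", "") for d in policy.iter("domain")]
        resources = [(r.get("path", ""), r.get("include-subpaths", "false").lower() == "true")
                     for r in policy.iter("resource")]
        rules.append((domains, resources))
    return rules

def domain_matches(pattern, origin):
    """Simplified matching (assumption): exact match, or a single '*' wildcard."""
    pattern, origin = pattern.lower(), origin.lower()
    if "*" not in pattern:
        return pattern == origin
    head, _, tail = pattern.partition("*")
    return (len(origin) >= len(head) + len(tail)
            and origin.startswith(head) and origin.endswith(tail))

def path_granted(res_path, subpaths, path):
    """Exact path match, or a prefix match when include-subpaths is true."""
    if path == res_path:
        return True
    return bool(subpaths) and path.startswith(res_path.rstrip("/") + "/")

def is_allowed(rules, origin, path):
    """True if some <policy> both lists the caller's origin and grants the path."""
    return any(any(domain_matches(d, origin) for d in domains)
               and any(path_granted(p, s, path) for p, s in resources)
               for domains, resources in rules)

def wildcard_domains(rules):
    """Domain entries that open the service to callers the owner did not name."""
    return [d for domains, _ in rules for d in domains if "*" in d]
```

A policy whose domain entry is `*` passes every origin through `is_allowed`, which is why `wildcard_domains` is worth running against any policy file before it is deployed to the site root.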

Silverlight is a browser plug-in, so it adheres to the ...
