O'Reilly logo

Data-Driven Services with Silverlight 2 by John Papa

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Cross-Domain Calls and Policies

Silverlight enforces a level of protection so that it cannot be used to invoke web services that are on a different domain than the server that hosts the Silverlight application. For example, a Silverlight 2 application that is hosted on silverlight-data.com can request services that are also hosted on silverlight-data.com. However, if a Silverlight 2 application that is hosted on yourmailserver.net requests a service that is hosted on silverlight-data.com, by default the application’s request will not be permitted (see Figure 5-7).

Cross-domain access

Figure 5-7. Cross-domain access

Understanding Cross-Domain Restrictions

As a security precaution, Silverlight does not allow calls across domain boundaries. By default, this measure prevents Silverlight applications from accessing any web service that is hosted on a domain or domain-and-port combination that is different from the domain that hosts the Silverlight application. The target site can specify which domains can access its services if it implements the Silverlight policy file (clientaccesspolicy.xml) or the Flash policy file (crossdomain.xml) at the website’s root. At least one of these files must exist in the website’s root. It is important to remember that the policy file must be placed at the website’s root, and not at the web application’s root.

Silverlight is a browser plug-in, so it adheres to the same standards ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required