When trying to access a web service, either WCF (.svc) or asmx in Silverlight works well until we add SSL, when trying to access and using fiddler, complains about the clientaccesspolicy.xml by a crossdomain error:
An error occurred while trying to make a request to URI This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP services.
The authentication cookie is attached to the request, yet when requesting the clientaccesspolicy.xml
Even with Fiddler2 the HTTPS is pretty hidden from the user, yet is not requesting the file or failing on the request. I believe the problem could be that is requesting the clientaccesspolicy in http instead of https or cannot inherit the security from SSL.
I have a correct clientaccesspolicy with https to make sure I allow anybody in https. Those servers will only allow https so needs to be set explicitly.
<?xml version="1.0" encoding="utf-8" ?>
- <access-policy>
- <cross-domain-access>
- <policy>
- <allow-from http-request-headers="*">
<domain uri="http://*" />
<domain uri="https://*" />
</allow-from>
- <grant-to>
<resource path="/" include-subpaths="true" />
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
The next step is to try the same test with Silverlight 3 and post both application here for people to see the difference, as I believe Silverlight 2 cannot do a request cross domain and cross schema as well as pass the security cookies from the response.
I have to say that I got quite a lot of information about resources for cross domain request and schema from Tim Heuer’s blog.
http://timheuer.com/blog/archive/2008/06/10/silverlight-services-cross-domain-404-not-found.aspx
Cheers
Al
