When migrating Silverlight 3 Project to Silverlight 4 you might experience following exception:
InvalidOperationException (InnerException: SecurityException)
This error occurs when the SIlverlight application has been downloaded from one site like
http://host1/app/default.aspx
and WCF DataService invokes operation from service which is hosted on another site like:
http://host2/app/service.svc/
To make this working you need to deploy clientaccesspolicy.xml file.
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
This policy file works in Silverlight 3. However Silverlight 4 is more clever and obviously can differentiate between real SOAPAction header, which is not sent in a case of DataService. DataServices uses REST pattern and not SOAP.
Here is the required change in the policy file:
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
Posted
Apr 22 2010, 02:57 PM
by
Damir Dobric