SL cross-origin access-learning notes

Cross-origin access to the security policy file is required,

Controls the access of classes in the system. Net namespace to other domains.

Sl4 can run outside the browser, that is, out-of-Browser

In this caseProgramThere is no security policy restriction when running in a sandbox.

 

Sl5 can enhance trust in the browser

The core version of sl3 and sl4 using the. NET class library is V2.

Core sl5 class library version is v4

 

SL supports two types of policy files: Flash policy files and Silverlight policy files.

The Flash policy file name is crossdomain. xml.

The filename of the silverlght policy is clientaccesspolicy. xml.

 

Two types of access are designed for cross-origin access:

1. HTTP in The WebClient and system. Net namespaces;

2. Socket access in the system. net. Sockets namespace

 

If an access request is initiated from a WebClient or HTTP, the SL client first attempts to download the SL policy file from the target domain using the HTTP protocol during runtime. If the file is not found or the file is incorrect, then, download the flash policy file.

If the file is rejected when the HTTP protocol is used to access the fileSecurityexceptionException.

If the SL policy file is valid, it will be used for subsequent access during the application session period.

If it is a flash policy file, that is, crossdomain. XML, all domains must be allowed. That is, what we see

<Cross-domain-Policy>
<Allow-access-from domain = "*"/>
<Allow-http-request-headers-from domain = "*" headers = "*"/>
</Cross-Domain-Policy>

 

For access initiated by sockets, sl3 will download the SL policy file through the TCP protocol of port 943 during runtime.

Start with sl4 and use port 80 of HTTP to download the policy file. The reason is that the firewall rejects the port 943 by default.

You can use the following protocol to download the policy file:

Application shocould set

Socketasynceventargs.Socketclientaccesspolicyprotocol

PropertyHTTP (TCP)On

System. net. Sockets.SocketasynceventargsInstance

Passed toSocket.ConnectasyncMethod.

 

If a policy file is returned, the subsequent cross-origin requests will not be downloaded again even if an error occurs during parsing. (In the original document of msdn, the incorrect policy file will be used for subsequent cross-origin requests)

 

The access initiated by sockets adds a restriction that the allowed cross-domain destination port must be within the range of bytes 2-45 34; otherwise, the access will fail.

When deploying sl3 with TCP cross-origin access, you must note that the system administrator must configure a firewall to allow TCP port 943 to access the SL policy file. Configure the allowed IP addresses.

For sl4, you must configure tcp943 or http80 and the allowed IP addresses.

The Sl policy file (clientaccesspolicy. XML) must be placed in the root directory of the allowed physical paths for IP and port ing.

 

Sl4 and later versions allow running outside the browser to enhance trust. Enhance trust only for WebClient and HTTP;

Sl4 can install applications from HTTP and access media files through HTTPS cross-origin.

 

Sl4 and later versions, trusted applicationsUdpanysourcemulticastclient andThe access initiated by udpsinglesourcemulticastclient does not require a policy file,

The policy file is not required for TCP connections and there is no port limit.

Trusted sl4 can pass throughUdpanysourcemulticastclient and udpsinglesourcemulticastclientClass to a broadcast group with a port greater than or equal to 1024 without a policy file. (Original article: able to join any multicast group on any port greater than or equal to 1024 without the need for a policy responder to authorize the connection .)