Silverlight cross-origin access to the self-hosted WCF Service under https

Cross-origin access(Cross Domain)InSilverlightIs a very annoying topic, and cross-origin access problems are often discovered inadvertently. In some special circumstances, your website and services may be deployed inHTTPSFor example, the server usesVMWareOrF5And other software to make all requests for the service automatically becomeHTTPSIn this case, the cross-origin access settings and server and client configurations are different. This article focuses on how to configure cross-origin access and solve common request exceptions.

Environment:Windows Server 2008 r2 + VMware Tools (https) +. NET Framework 3.5 + Silverlight 4.BecauseVMWareSo that all externalWebRequests are automatically changedHTTPSRequest. HoweverIISIt can still be distinguished when external requests are usedHTTPSOrHTTP.

Problem:An error occurred while trying to make a request to Uri 'HTTP: // cn.mydomain.com/allan/services/modelservice.svc/main '. this cocould be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for soap services. you may need to contact the owner of the Service to publish a cross-domain policy file and to ensure it allows soap-related HTTP headers to be sent. this error may also be caused by using internal types in the Web Service proxy without using the internalsvisibletoattribute attribute. please see the inner exception for more details.

Client Configuration:

<Bindings>

<Basichttpbinding>

& Lt; binding name = "basichttpbinding_imodelservice" maxbuffersize = "2147483647"

Maxcompute edmessagesize = "2147483647">

</Binding>

</Basichttpbinding>

</Bindings>

<Client>

<Endpoint address = "http://cn.mydomain.com/Allan/Services/ModelService.svc/main"

Binding = "basichttpbinding" bindingconfiguration = "basichttpbinding_imodelservice"

Contract = "modelservices. imodelservice" name = "basichttpbinding_imodelservice"/>

</Client>

Set the service addressHTTPBut the result is possible.Security ErrorOr cross-origin access. StartFiddlerLet's see what happened:

Obviously,Clientaccesspolicy. xml(AndCrossdomain. xml) Cannot be accessed, and the request result is301Error:Moved permanently. Because inSilverlightThe address set in isHttp://cn.mydomain.com /...The corresponding two cross-origin accessXMLThe file should also beHTTP, So this request should beHTTP:// Cn.mydomain.com/clientaccesspolicy.xmlBut it prompts that we have been permanently switchedHTTPS: // Cn.mydomain.com/clientaccesspolicy.xmlWhich means we should set the service request addressHTTPSYou can access it. How can this problem be solved?

<Bindings>

<Basichttpbinding>

& Lt; binding name = "basichttpbinding_imodelservice" maxbuffersize = "2147483647"

Maxcompute edmessagesize = "2147483647">

<Security mode = "transport"/>

</Binding>

</Basichttpbinding>

</Bindings>

<Client>

<Endpoint address ="Https://cn.mydomain.com/Allan/Services/ModelService.svc/main"

Binding = "basichttpbinding" bindingconfiguration = "basichttpbinding_imodelservice"

Contract = "modelservices. imodelservice" name = "basichttpbinding_imodelservice"/>

</Client>

However, it is strange that your request has not been smoothly transmitted to the server, andFiddlerThe observed results are also500Error. Sometimes you will get the following error:

Cocould not find a base address that matches scheme https for the endpoint with binding basichttpbinding. Registered base address schemes are [http].

So where is the problem?

1. First, by defaultHTTPSRequests are not accepted by the cross-origin access policy and need special settings.
2. Make sure thatSecurity ModeSetTransport. (In some environmentsServerTerminalSecuritySetNone)
3. Set on the serverBaseaddress.
4. CompleteClientaccesspolicy. xmlAndCrossdomain. xml, The correct path (in the root directory of the website)

Clientaccesspolicy. xmlFile:

<? XML version = "1.0" encoding = "UTF-8"?>

<Access-Policy>

<Cross-domain-access>

<Policy>

<Allow-from http-request-headers = "*">

<Domain uri = "http: // *"/>

<Domain uri = "https: // *"/>

</Allow-from>

<Grant-to>

<Resource Path = "/"Include-subpaths = "true"/>

</Grant-to>

</Policy>

</Cross-Domain-access>

</Access-Policy>

Crossdomain. xmlFile:

<? XML version = "1.0"?>

<! Doctype cross-domain-Policy System "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<Cross-domain-Policy>

<Allow-access-from domain = "*"/>

<Allow-http-request-headers-from domain = ""*""Headers = ""*""/>

</Cross-Domain-Policy>

Client configuration file:

<System. servicemodel>

<Bindings>

& Lt; binding name = "basichttpbinding_imodelservice" maxbuffersize = "2147483647"

Maxcompute edmessagesize = "2147483647">

<Security mode = "transport"/>

</Binding>

</Basichttpbinding>

</Bindings>

<Client>

<Endpoint address ="Https://cn.mydomain.com/Allan/Services/ModelService.svc/main"

Binding ="Basichttpbinding"Bindingconfiguration =" basichttpbinding_imodelservice"

Contract = "modelservices. imodelservice" name = "basichttpbinding_imodelservice"/>

</Client>

</System. servicemodel>

Server configuration file:

<System. servicemodel>

<Servicehostingenvironment aspnetcompatibilityenabled = "true"/>

<Behaviors>

<Servicebehaviors>

<Behavior name = "defaultbehavior">

<Servicemetadata httpgetenabled = "true"/>

<Servicedebug includeexceptiondetailinfaults = "true"/>

</Behavior>

</Servicebehaviors>

</Behaviors>

 

<Bindings>

<Basichttpbinding>

<Binding name = "hyattsite. Services. modelservice. custombinding0">

<Security mode = "NONE"> </Security>

</Binding>

</Basichttpbinding>

</Bindings>

 

<Services>

<Service behaviorconfiguration = "defaultbehavior" name = "hyattsite. Services. modelservice">

<Endpoint address = "Main" binding = "basichttpbinding" bindingconfiguration = "hyattsite. Services. modelservice. custombinding0"

Contract = "hyattsite. Services. imodelservice"/>

<Endpoint address = "mex" binding = "mexhttpbinding" Contract = "imetadataexchange"/>

<Host>

<Baseaddresses>

<Add baseaddress = "https://cn.mydomain.com"/>

</Baseaddresses>

</Host>

</Service>

</Services>

</System. servicemodel>

OK,Success,SilverlightThe returned results can be obtained correctly:

However, the environment of each server may be different. If you need to attach permissions to access requests within the server, it is more troublesome.How to: SSL passthrough with WCF -- or -- transportwithmessagecredential over plain HTTP This articleArticleIt can bring you more ideas.

RelatedCross DomainFor more information about the configuration file, see:Cross-Domain Policy File Specification