After several successful calls from a Silverlight project to a Web service, the following error occurs: "System.Security.SecurityException: Security error".
Because I have only been learning and testing Silverlight's features for the past few days and have not built any formal projects, I rebuilt the project every time I saw this. Today I really lost patience and searched online; the cause is probably Silverlight's cross-origin access permissions. The fix is to create a "clientaccesspolicy.xml" file and then paste this code into it:
<?xml version="1.0" encoding="UTF-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>
Restart the application. OK!
Let's look at what Microsoft says:
Making a Service Available Across Domain Boundaries
Cross-origin communication using Silverlight version 4 requires protection against several types of security vulnerabilities that can be used to exploit web applications. "Cross-site forgery" is a class of exploits that becomes a threat when cross-origin calls are allowed. This exploit involves a Silverlight control sending unauthorized requests to a third-party service without the user's knowledge. To prevent cross-site request forgery, Silverlight by default allows only site-of-origin communication for all requests except images and media. For example, a Silverlight control hosted at http://contoso.com/mycontrol.aspx can by default access only services in the same domain, such as http://contoso.com/service.svc, but not a service located at http://fabrikam.com/service.svc. This prevents unauthorized calls to services hosted on the http://contoso.com domain by a malicious Silverlight control on the http://fabrikam.com domain.
To allow a Silverlight control to access services in other domains, the service must explicitly opt in to cross-origin access. By opting in, the service declares that the operations it exposes can be safely called by a Silverlight control without causing potential harm to the data the service stores.
Silverlight 4 supports two different mechanisms for a service to opt in to cross-origin access:
- Place a clientaccesspolicy.xml file in the root directory of the domain hosting the service to configure the service to allow cross-origin access.
- Place a valid crossdomain.xml file in the root directory of the domain hosting the service. This file must mark the entire domain as public. Silverlight supports a subset of the crossdomain.xml schema.
For more information about cross-origin access, see "Network Security Access Restrictions in Silverlight 2".
Use the clientaccesspolicy.xml file to allow cross-origin access
- Build a service that allows access from the Silverlight client. For more information about how to do this, see "How to: Build a Service for Silverlight Clients".
- Create a clientaccesspolicy.xml file that allows access to the service. The following configuration allows access to all resources in the current domain from any other domain.
<?xml version="1.0" encoding="UTF-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="SOAPAction">
        <domain uri="*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>
Alternatively, to allow access from only one other domain (such as http://contoso.com), replace the <domain uri="*"/> line inside the <allow-from> element with the line <domain uri="http://contoso.com"/>.
To allow access to an HTTPS service from any Silverlight control hosted by an HTTP application, place a <domain uri="http://*"/> element inside the <allow-from> element.
The valid values of the headers attribute (http-request-headers) include:
- A wildcard ("*"), which allows all headers that are not blacklisted.
- A comma-separated list of allowed headers. These allowed headers can use a wildcard suffix, such as "X-CUSTOM-*".
To allow access to the service through a TCP socket, add <socket-resource port="4502" protocol="tcp"/> to the <grant-to> element, where 4502 is the port value that carries the service.
- Save the clientaccesspolicy.xml file to the root directory of the domain hosting the service. For example, if the service is hosted at http://fabrikam.com, the file must be located at http://fabrikam.com/clientaccesspolicy.xml.
- Test whether access is enabled by calling the service from another domain.
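An added example (not from the blog post or from Microsoft's documentation): a small Python check that reads a clientaccesspolicy.xml and reports each setting that opens the service to any caller, which is the cross-site forgery exposure described above. Both sample policies are constructed, and the /service.svc path in the scoped one is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed template; element and attribute names are those of clientaccesspolicy.xml.
TEMPLATE = """<?xml version="1.0" encoding="utf-8"?>
<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="{headers}"><domain uri="{domain}"/></allow-from>
  <grant-to><resource path="{path}" include-subpaths="{subpaths}"/></grant-to>
</policy></cross-domain-access></access-policy>"""

# The wide-open policy pasted at the top of this page.
OPEN_POLICY = TEMPLATE.format(headers="*", domain="*", path="/", subpaths="true")
# A scoped variant; the /service.svc path is an assumption made for this example.
SCOPED_POLICY = TEMPLATE.format(headers="SOAPAction", domain="http://contoso.com",
                                path="/service.svc", subpaths="false")


def audit_policy(xml_text):
    """Return one finding per setting that opens the service to any caller."""
    findings = []
    root = ET.fromstring(xml_text)
    for n, policy in enumerate(root.iter("policy"), start=1):
        for allow in policy.iter("allow-from"):
            uris = [d.get("uri", "").strip() for d in allow.iter("domain")]
            if "*" in uris:
                findings.append(f"policy {n}: domain uri='*' allows any other domain")
            elif "http://*" in uris:
                findings.append(f"policy {n}: domain uri='http://*' allows any HTTP-hosted control")
            if allow.get("http-request-headers", "").strip() == "*":
                findings.append(f"policy {n}: all headers not blacklisted are allowed")
        for res in policy.iter("resource"):
            whole_site = res.get("path", "").strip() == "/"
            if whole_site and res.get("include-subpaths", "false").lower() == "true":
                findings.append(f"policy {n}: grant covers every path on the host")
    return findings


if __name__ == "__main__":
    for name, text in (("open", OPEN_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_policy(text) or "no findings")
```
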
Use the crossdomain.xml file to allow cross-origin access
Build a service that allows access from the Silverlight client. For more information about how to do this, see "How to: Build a Service for Silverlight Clients".
Create a crossdomain.xml file containing the following configuration. The file must be configured to allow access to the service from any other domain; otherwise Silverlight 4 will not recognize it.
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-http-request-headers-from domain="*" headers="SOAPAction,Content-Type"/>
</cross-domain-policy>
Save the crossdomain.xml file to the root directory of the domain hosting the service. For example, if the service is hosted at http://fabrikam.com, the file must be located at http://fabrikam.com/crossdomain.xml.
Call the service from another domain to test whether access to the service is allowed.
Copyright (c) 2010 Microsoft Corporation. All rights reserved.