Silverlight WCF Service Cross Domain Question

Posted 2019-04-30 09:11

Question:

I have a Silverlight app (hosted at intranet.mydomain.net) and a WCF service at webservices.mydomain.net.

Do I need a cross-site policy file? If so, what would it look like to only allow access from intranet.mydomain.net?

Answer 1:

Yes, you will need a clientaccesspolicy.xml file in the ROOT of your service domain (webservices.mydomain.net).

By default, Silverlight supports calls to Web services on the same domain or site of origin. Same domain means that calls must use the same subdomain, protocol, and port. This is for security reasons and prevents cross-domain forgery.

Here is an example file:

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="http://intranet.mydomain.net"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>

This would allow requests only from intranet.mydomain.net.

Edit

It has been asked: How would this work if I have two WCF Services? /ServiceA/a.svc and /ServiceB/b.svc and I want ServiceA to be open to anyone, anywhere, and ServiceB to only work from my intranet?

Your policy file would look like this:

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="http://*"/>
      </allow-from>
      <grant-to>
        <resource path="/ServiceA/" include-subpaths="true"/>
      </grant-to>
    </policy>

    <policy>
      <allow-from http-request-headers="*">
        <domain uri="http://intranet.mydomain.net"/>
      </allow-from>
      <grant-to>
        <resource path="/ServiceB/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>
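
An added example, not part of the original answer: a small Python audit helper that evaluates a clientaccesspolicy.xml for a given caller origin and service path, and lists the paths exposed through a wildcard `<domain>`. The matching rules (`*` as a plain wildcard, prefix match for `include-subpaths="true"`) are a simplified model assumed for review purposes, not Silverlight's runtime logic, and all function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: the two-policy file from the answer, minus the XML declaration.
POLICY = """<access-policy><cross-domain-access>
  <policy>
    <allow-from http-request-headers="*"><domain uri="http://*"/></allow-from>
    <grant-to><resource path="/ServiceA/" include-subpaths="true"/></grant-to>
  </policy>
  <policy>
    <allow-from http-request-headers="*">
      <domain uri="http://intranet.mydomain.net"/>
    </allow-from>
    <grant-to><resource path="/ServiceB/" include-subpaths="true"/></grant-to>
  </policy>
</cross-domain-access></access-policy>"""


def _domain_matches(pattern, origin):
    # Assumption: '*' is a plain wildcard; scheme and host compare case-insensitively.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, origin.rstrip("/"), re.IGNORECASE) is not None


def _path_matches(resource, path):
    base = resource.get("path", "")
    if resource.get("include-subpaths", "false").lower() == "true":
        return path == base or path.startswith(base.rstrip("/") + "/")
    return path == base


def is_allowed(policy_xml, origin, path):
    """True if any <policy> grants `origin` access to `path`."""
    for policy in ET.fromstring(policy_xml).iter("policy"):
        domains = policy.findall("./allow-from/domain")
        resources = policy.findall("./grant-to/resource")
        if any(_domain_matches(d.get("uri", ""), origin) for d in domains) and \
           any(_path_matches(r, path) for r in resources):
            return True
    return False


def wildcard_grants(policy_xml):
    """Resource paths reachable from a wildcard <domain> entry (review these first)."""
    found = []
    for policy in ET.fromstring(policy_xml).iter("policy"):
        if any("*" in d.get("uri", "") for d in policy.findall("./allow-from/domain")):
            found += [r.get("path") for r in policy.findall("./grant-to/resource")]
    return found
```

Running `wildcard_grants` over a deployed policy file before release shows at a glance which service paths any site can call, so an accidental `path="/"` under a wildcard domain stands out.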


Answer 2:

You might want to check out the following link about 'How to Use Cross Domain Policy Files With Silverlight' by Tim Heuer.

http://silverlight.net/learn/videos/all/how-to-use-cross-domain-policy-files-with-silverlight/

Here is another page from Tim Heuer's blog that you can read through that has examples as well:

http://timheuer.com/blog/archive/2008/04/06/silverlight-cross-domain-policy-file-snippet-intellisense.aspx

I would consider writing your own WCF service that lives with your Silverlight app and handles the request to your external WCF service. This way you leave nothing open and only communication to your controlled service is allowed (although the service you mentioned might be under your control).

This method is also useful when the other service is out of your hands and could change often. You could control how this is handled via your own service and never need to update your Silverlight control (assuming the changes are not drastic).