Making a Service Available Across Domain Boundaries
Using for cross-domain communication requires guarding against several types of security vulnerability that can be used to exploit Web applications. Cross-site forgery is a class of exploits that becomes a threat when allowing cross-domain calls. This exploit involves a malicious Silverlight control transmitting unauthorized commands to a third-party service, without the user's knowledge. To prevent cross-site request forgery, Silverlight allows only site-of-origin communication by default for all requests other than images and media. For example, a Silverlight control hosted at https://contoso.com/mycontrol.aspx can access only services on that same domain by default – for example https://contoso.com/service.svc, but not a service at https://fabrikam.com/service.svc. This prevents a malicious Silverlight control hosted on the https://contoso.com domain from calling unauthorized operations on a service hosted on the https://fabrikam.com domain.
To enable a Silverlight control to access a service in another domain, the service must explicitly opt-in to allow cross-domain access. By opting-in, a service states that the operations it exposes can safely be invoked by a Silverlight control, without potentially damaging consequences to the data that the service stores.
Silverlight 3 supports two different mechanisms for services to opt-in to cross-domain access:
Place a clientaccesspolicy.xml file at the root of the domain where the service is hosted to configure the service to allow cross-domain access.
Place a valid crossdomain.xml file at the root of the domain where the service is hosted. The file must mark the entire domain public. Silverlight supports a subset of the crossdomain.xml schema.
For more information about cross-scheme access, see Network Security Access Restrictions in Silverlight.
To use a clientaccesspolicy.xml file to allow cross-domain access
Build a service that enables access by a Silverlight client. For more information about how to do this, see How to: Build a Service for Silverlight Clients.
Create a clientaccesspolicy.xml file that allows access to the service. The following configuration allows access from any other domain to all resources on the current domain.
<?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="SOAPAction"> <domain uri="*"/> </allow-from> <grant-to> <resource path="/" include-subpaths="true"/> </grant-to> </policy> </cross-domain-access> </access-policy>
Save the clientaccesspolicy.xml file to the root of the domain where the service is hosted. If, for example, the service is hosted in https://fabrikam.com then the file must be located at https://fabrikam.com/clientaccesspolicy.xml.
The valid values for the headers attribute are the wildcard (“*”), which allows all headers that have not been blacklisted and a comma-separated list of allowed headers. These allowed headers can use a wildcard suffix, for example, “X-CUSTOM-*”.
Alternatively, if you want to allow access from only one other domain, such as https://contoso.com, the clientaccesspolicy.xml should contain the following configuration.
<?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="SOAPAction "> <domain uri="https://contoso.com"/> </allow-from> <grant-to> <resource path="/" include-subpaths="true"/> </grant-to> </policy> </cross-domain-access> </access-policy>
Test that the access is enabled by invoking the service from the other domain.
-
Note
To allow access to an HTTPS service from an HTTP application, you need to put the
<domain uri=”https://*” />
element inside your<allow-from>
element.
To use a crossdomain.xml file to allow cross-domain access
Build a service that enables access by a Silverlight client. For more information about how to do this, see How to: Build a Service for Silverlight Clients.
Create a crossdomain.xml file that contains the following configuration. The file must be configured to allow access to the service from any other domain, or it is not recognized by Silverlight 3.
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "https://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-http-request-headers-from domain="*" headers="SOAPAction,Content-Type"/> </cross-domain-policy>
Save the crossdomain.xml file to the root of the domain where the service is hosted. If, for example, the service is hosted in https://fabrikam.com, then the file must be located at https://fabrikam.com/crossdomain.xml.
Test that the service is enabled by invoking the service from the other domain.
Send comments about this topic to Microsoft.
Copyright © 2009 by Microsoft Corporation. All rights reserved.