I deployed a Silverlight application that needs to access HTTPS resources, for the deployment of course I read the guidelines to declared on the clientaccesspolicy file the https explicitly. So on the resources that needed to be access by Silverlight I added the following clientaccesspolicy.xml
<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*"/>
<domain uri="https://*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
On some of my previous posts I explain my frustration believing that Silverlight was not able to read the security cookie to send it at each request, until a change was made to the client access policy file to do not state explicitly that HTTPS had access to that resource.
<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
All the sudden as an act of magic, Silverlight was able to access those resources. The SSL certificate is not self signed so Silverlight is happy using those resources after changing the clientaccesspolicy.xml to allow any access.
I was very surprise at that, anybody can shine some light to this problem? All resources I read mandate to explicitly add the https on the domain uri to allow https calls from Silverlight, yet that part was the one that blocked my Silverlight application.
Cheers
Al
Follow me in twitter | bookmark me | Subscribe to my feed | Add stats to your blog