Silverlight 2 beta 1 and Socket Exception: Access Denied

Playing around with the sockets in Silverlight 2 beta 1 I found out that it works fine on my local host. When publishing my sample to a real Web server (I mean a Web server that is reachable in the Internet with a domain) I got always a socket exception saying that access is denied. I looked around if I could find any help on that. I thought that there maybe is a restriction in the defaults of Silverlight and that I could find somewhere a configuration similar to the .NET and zones configuration, but I didn't.

Today I got the answer from Wilco Bauwer, Microsoft:

This is currently a limitation of the site-of-origin policy.  To prevent DNS rebinding, we need to verify that the IP address returned by the DNS query actually "belongs" to the domain specified; we do this with a reverse DNS lookup.  This dependence on the reverse lookup should go away in the next drop of Silverlight 2.

That means my online sample at frankfurt.schwarz-interactive.de returns a IP address that does not correspond with the DNS reverse lookup information. If you want to check the reverse DNS lookup of any IP address you can use nslookup.exe (for detailed information read the Wikipedia article about reverse DNS lookup):

First you have to set the type to query to PTR:

set type=ptr

To lookup for the domain name of a given IP address (the IP address Silverlight gets from resolving the domain used for the socket) you have to reverse the IP address and add ".in-addr.arpa." at the end. This means: the IP Address 82.165.8.108 gets 108.8.165.82.in-addr.arpa. Your nameserver will answer this with the name that is configured for this IP address:

CWindowssystem32cmd.exe - nslookup 

In my example I get schwarz-interactive.de instead of the used domain frankfurt.schwarz-interactive.de. Well, simple changing the sample to use http://schwarz-interactive.de:4510/test.aspx fixes this problem.

The next drop of Silverlight 2 will change this dependence. In the meantime, the easiest way to work around this is to reference the .xap file using'http://[ip address]:port/path/to/app.xap. No reverse lookup is needed in this case because Silverlight will simply do an equality test on the IP addresses.

Published Sunday, March 09, 2008 8:23 PM by Michael Schwarz
Filed under: , ,

Comments

# re: Silverlight 2 beta 1 and Socket Exception: Access Denied

Sunday, March 09, 2008 2:54 PM by Cameron

Thanks man, that should save me some time when I start playing with the Sockets. :)

# re: Silverlight 2 beta 1 and Socket Exception: Access Denied

Sunday, March 09, 2008 4:22 PM by Gopi

Mike,

Is there a way to do a 2 - way communication with SL Sockets ? Liek SL client will open a socket and Listen, so i can push data from server when needed?

Thanks,

Gopi

# re: Silverlight 2 beta 1 and Socket Exception: Access Denied

Sunday, March 09, 2008 5:41 PM by Michael Schwarz

@Gopi: you can open a socket from Silverlight and leave it open. With this you are able to send something to the client. A socket listener is no possible.

Michael

# re: Silverlight 2 beta 1 and Socket Exception: Access Denied

Sunday, March 09, 2008 11:02 PM by Gopi

Thanks Mike, I was looking for something like Flex's real time data push.. which has a client side socket listner.. !

Gopi

# re: Silverlight 2 beta 1 and Socket Exception: Access Denied

Monday, March 10, 2008 4:48 AM by Michael Schwarz

@Gopi: well, I think the Flex data pushing does not create a listener on the local PC but I don't know Flex enough. I think that Flex is opening a socket to the (Web) server and then waits for any response. If there is any event the client has subscribed to the server will write on that socket. You will get real pushed data insted of polled. So, I think it is working the same.

Michael

# re: Silverlight 2 beta 1 and Socket Exception: Access Denied

Monday, March 10, 2008 2:17 PM by Gopi

Mike,

There is an Client side XmlSocket available in flex, which registers and listens (!), when data available, server pushes the data to the registered client's method  !

That was beautiful for many senario's [esp, real time financial data push].

SL can make huge impact in Financial sector if implemented !

Gopi

# re: Silverlight 2 beta 1 and Socket Exception: Access Denied

Monday, March 10, 2008 3:04 PM by Michael Schwarz

@Gopi: I still think that they don't have listeners on the socket layer. You have to think on something like an event handler that is waiting (listening) for new data sent to the client, but the connection has been established from the client. Firewalls and NAT would make listeners on the client-side unusable.

I found this Flex code here:

private function connectToServer():void

{

   //

   // Step #1: Create the XMLSocket Instance

   //

   socket = new flash.net.XMLSocket();

   //

   // Step #2: Register for event notifications

   //

   socket.addEventListener(Event.CONNECT, connectHandler);

   socket.addEventListener(DataEvent.DATA, dataHandler);

   //

   // Step #3: Create the physical connection with the server

   //

   socket.connect("mydomain.com", 5974);

}

You see that the client is establishing the connection. With an open connection to a socket server you are able to push data to the client whenever you want (but the connection must be left often from the client).

Wait for my example using Silverlight...  ;)

# re: Silverlight 2 beta 1 and Socket Exception: Access Denied

Monday, March 10, 2008 3:40 PM by Gopi

Cool, ok, a Live example would be good. Thanks.

# re: Silverlight 2 beta 1 and Socket Exception: Access Denied

Wednesday, April 02, 2008 10:54 AM by Killik

Thanks Michael.

I tried the code on my localhost, using IP or dns host name, still I always get the error 10013 (access denied). Just as I run the demo at schwarz-interactive.de/test.aspx. Well, the same method works on .NET framework socket. Guess we'll have to wait for the next version of SL.

# re: Silverlight 2 beta 1 and Socket Exception: Access Denied

Sunday, April 13, 2008 10:56 AM by Mike

How do I connect to a machine that doesn't have a domain name associated with it? Is there a way to do it using just an IP address?

Also, what if I want to connect to a machine on the local network? Example: http://mybox1

Thanks,

-Mike

# re: Silverlight 2 beta 1 and Socket Exception: Access Denied

Monday, April 14, 2008 12:05 AM by dotnetnoobie

Hello Michael,

I have made a small Server/Client chat application with winforms server app and a silverlight client to run in the browser...

I was wondering if you had any idea of when the nest silverlight release will be and if it will have the IP Address restrictions removed from it?