Making a Service Available Across Domain Boundaries

Using for cross-domain communication requires guarding against several types of security vulnerability that can be used to exploit Web applications. Cross-site forgery is a class of exploits that becomes a threat when allowing cross-domain calls. This exploit involves a malicious Silverlight control transmitting unauthorized commands to a third-party service, without the user's knowledge. To prevent cross-site request forgery, Silverlight allows only site-of-origin communication by default for all requests other than images and media. For example, a Silverlight control hosted at https://contoso.com/mycontrol.aspx can access only services on that same domain by default – for example https://contoso.com/service.svc, but not a service at https://fabrikam.com/service.svc. This prevents a malicious Silverlight control hosted on the https://contoso.com domain from calling unauthorized operations on a service hosted on the https://fabrikam.com domain.

To enable a Silverlight control to access a service in another domain, the service must explicitly opt-in to allow cross-domain access. By opting-in, a service states that the operations it exposes can safely be invoked by a Silverlight control, without potentially damaging consequences to the data that the service stores.

Silverlight 3 supports two different mechanisms for services to opt-in to cross-domain access:

• Place a clientaccesspolicy.xml file at the root of the domain where the service is hosted to configure the service to allow cross-domain access.

• Place a valid crossdomain.xml file at the root of the domain where the service is hosted. The file must mark the entire domain public. Silverlight supports a subset of the crossdomain.xml schema.

For more information about cross-scheme access, see Network Security Access Restrictions in Silverlight.

To use a clientaccesspolicy.xml file to allow cross-domain access

1. Build a service that enables access by a Silverlight client. For more information about how to do this, see How to: Build a Service for Silverlight Clients.

2. Create a clientaccesspolicy.xml file that allows access to the service. The following configuration allows access from any other domain to all resources on the current domain.

   <?xml version="1.0" encoding="utf-8"?>
   <access-policy>
     <cross-domain-access>
       <policy>
         <allow-from http-request-headers="SOAPAction">
           <domain uri="*"/>
         </allow-from>
         <grant-to>
           <resource path="/" include-subpaths="true"/>
         </grant-to>
       </policy>
     </cross-domain-access>
   </access-policy>
   

3. Save the clientaccesspolicy.xml file to the root of the domain where the service is hosted. If, for example, the service is hosted in https://fabrikam.com then the file must be located at https://fabrikam.com/clientaccesspolicy.xml.

4. The valid values for the headers attribute are the wildcard (“*”), which allows all headers that have not been blacklisted and a comma-separated list of allowed headers. These allowed headers can use a wildcard suffix, for example, “X-CUSTOM-*”.

5. Alternatively, if you want to allow access from only one other domain, such as https://contoso.com, the clientaccesspolicy.xml should contain the following configuration.

   <?xml version="1.0" encoding="utf-8"?>
   <access-policy>
     <cross-domain-access>
       <policy>
         <allow-from http-request-headers="SOAPAction ">
           <domain uri="https://contoso.com"/>
         </allow-from>
         <grant-to>
           <resource path="/" include-subpaths="true"/>
         </grant-to>
       </policy>
     </cross-domain-access>
   </access-policy>
   

6. Test that the access is enabled by invoking the service from the other domain.

7. Note

   To allow access to an HTTPS service from an HTTP application, you need to put the <domain uri=”https://*” /> element inside your <allow-from> element.

To use a crossdomain.xml file to allow cross-domain access

1. Build a service that enables access by a Silverlight client. For more information about how to do this, see How to: Build a Service for Silverlight Clients.

2. Create a crossdomain.xml file that contains the following configuration. The file must be configured to allow access to the service from any other domain, or it is not recognized by Silverlight 3.

   <?xml version="1.0"?>
   <!DOCTYPE cross-domain-policy SYSTEM "https://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
   <cross-domain-policy>
     <allow-http-request-headers-from domain="*" headers="SOAPAction,Content-Type"/>
   </cross-domain-policy>
   

3. Save the crossdomain.xml file to the root of the domain where the service is hosted. If, for example, the service is hosted in https://fabrikam.com, then the file must be located at https://fabrikam.com/crossdomain.xml.

4. Test that the service is enabled by invoking the service from the other domain.

Send comments about this topic to Microsoft.

Copyright © 2009 by Microsoft Corporation. All rights reserved.