Silverlight: Network Security Policy

Overview

Security is a major concern for Internet applications and Silverlight has been built from the ground-up with security in mind. For this reason, there are limitations on network access built into Silverlight. For a Silverlight application to access an HTTP network resource on a site other than where the Silverlight application is hosted, the site hosting the resource must grant permission to Silverlight. Socket communications always require a security policy file.

See Further Reading for additional information on the different types of security issues Silverlight mitigates.

Supported Policy Files

Silverlight supports both a native policy file format and also a limited subset of the Adobe Flash policy file. The main limitations of the Flash cross domain file are that it must grant connections to all domains and is only available for HTTP communications, not sockets. This gives Silverlight developers access to many, if not most, web services available today without compromising security or the intent the service provider had when they published the policy file.

The native Silverlight policy file gives greater control over the allowed types of access to resources, but will require service providers to update their servers and the file is not compatible with Flash. The Silverlight policy file will allow you to not only specify which paths should be accessible, but also provides a means to limit which HTTP request headers are accepted.

Flash crossdomain.xml policy file

The following is an example of a supported Flash crossdomain.xml file that allows full access to both Flash and Silverlight. Silverlight will only attempt to load it from the root directory of the server. This type of file is otherwise known as a master policy file.

Silverlight clientaccesspolicy.xml policy file

The Silverlight clientaccesspolicy.xml allows you to specify access permissions for both HTTP and socket communications. For HTTP communications you may control the allowed sites, the resource path(s) granted access, and the allowed request headers. For socket communications you specify the port between 4502 and 4543 and the protocol, though only TCP is currently supported, instead of specifying a path and headers.

The following native Silverlight policy file allows access from the single domain http://mytrustedsite.com to a single path /clientApi1 with or without a query string (/clientApi1#example and /clientApi1?key=value), but not to any sub-paths(/clientApi1/?key=value). The file also allows all non-blacklisted HTTP request headers.

The following example allows access from all domains to the whole site and also allows all non-blacklisted HTTP request headers.

Download Sample

Further Reading

Related information on the web is listed below.