I'm having issues with cross domain access from a Silverlight project to a WCF service in ASP.
This tutorial recommends making crossdomain.xml or clientaccesspolicy.xml files and putting them in the web root of the service.
I have made these files, and put them in the top level of the project in Visual Studio. I'm still having the problem. Does that mean that I have the files in the wrong place?
clientaccesspolicy.xml:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
crossdomain.xml:
<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource include-subpaths="true" path="/"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
Update: I'm currently just working on the development server. How can I make it work there?
As far as I know they have to go in the root directory of the web server ( / ) and not the root of your web project.
These files must be deployed along with the WCF service on the IIS web-server.
So the "root" is not the one of your project but the one of the web-site (in the sense of a IIS web-site).
One problem you end up with using the developement web server is that the web project holding your WCF service may well specify a virtual path. This places what appears at the root of the project in a virtual folder down from the "/" root from the clients perspective. Hence placing a clientaccesspolicy.xml file at the root of your project doesn't put the file at "/clientaccesspolicy.xml" where the silverlight client will expect it to be.
In Visual Studio open the properties window for the web project hosting you WCF services, select the Web tab, set the Virtual Path to "/". (You probably want to do that before you create the references and proxies to it in the Silverlight project).
BTW unless you intend to support client technologies other than Silverlight you do not need the crossdomain.xml file.
My files were in the right place. The problem is that the names of those two files were swapped - the SL cross domain rules were named with the Flash file name, and vice versa.
Related
We have a whole bunch of websites with very similar web.config files.
Can you centralise the duplicate configs in 1 config file before the root directory of each website? Or is the only option machine.config?
We are looking to centralise an assembly reference in the GAC.
Structure:
Containing Directory
Website 1 Directory
Website 2 Directory
Website 3 Directory
Web.Config File for all above sites
I have not encountered a way to have inherited config files besides machine.config, app/web.config and user.config levels. But you can use configSource attribute on all config sections (ConfigurationSection based) to include a common file for example with service endpoints, client endpoints, bindings, connection strings and others. Even though VS intellisense marks it as unsupported it does work.
<configuration>
<system.serviceModel>
<services configSource="Services.config" />
<client configSource="Client.config" />
<bindings configSource="Bindings.config" />
<behaviors configSource="Behaviors.config" />
</system.serviceModel>
<pages configSource="pages.config"/>
</configuration>
Config source files must be in application's folder or any folder below. No going up or absolute paths. But there is a trick to overcome this limitation in VS2010. You need to add an existing file as a link and change its property named "Copy to Output Directory". This way your absolute path file will get copied to your application folder from where you can reference it in configSource.
In previous versions of VS it is also possible but in a less elegant way - copy file in post build event.
If you are looking mainly to centralize WCF settings there is another option: in-code configuration. Huge advantage of this is you get compilation-time check and refactoring support from VS. If this does not sound like much I can assure you that in a bigger WCF project, config file management is a nightmare especially when you need to change something. With this approach it is also very easy to centralize WCF settings by just creating a common assembly where all services, endpoints, bindings etc. are defined. Disadvantage is that you loose possibility to change WCF settings without recompilation. But if those settings do not change very often it is a tempting alternative.
You can use the web.config located in
%SystemRoot%\Microsoft.NET\Framework\<versionNumber>\CONFIG\Web.config
Or if in IIS you configure your Containing directory as a main web site and then put your website directories as applications, you can put the web.config in the main web site to have the structure you mention.
I am getting Error "2048" while accessing one of my deployed application of flex which is deployed on apache server.
I am using database which is hosted on other server and my application is on different server.
I have added crossdomain.xml in application's directory eg. apache.../webapps/MyApplication/crossdomain.xml
I can access crossdomain.xml successfully.
Are you loading the crossdomain.xml file manually by loadPolicyFile() function ?
System.security.loadPolicyFile("http://yourdomain.com/webapps/MyApplication/crossdomain.xml");
or
try moving the crossdomain.xml file to the root of your web server as http://yourdomain.com/crossdomain.xml
Also you can use flashbug extension for firebug to see all the policy violations... its very handy.
Get Flashbug
You are on the right way.
When you required information from an application on a host, you have, for flash security purpose, to copy the crossdomain.xml file in the root web dir on the server hosting the application.
Now maybe the problem comes from your crossdomain.xml file, try this one :
<?xml version="1.0"?>
<cross-domain-policy>
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>
I get the below error when i am trying to make a java call from flex.
[RPC Fault faultString="Send failed"
faultCode="Client.Error.MessageSend"
faultDetail="Channel.Security.Error error
Error #2048: Security sandbox violation:
'http://sample.com/sample.swf' cannot
load data from
http://sample:8080/messagebroker/amf.
url:
'http://sample:8080/messagebroker/amf'"]
When i tried running the same in my local tomcat server, this was working fine. But when hosted as a site, i am getting this error. I tried placing the crossdomain.xml file in the root directory too. But the error would never go. crossdomain file is like below.
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="*" to-ports="*"/>
<cross-domain-policy/>
The logs says this
Connection to
'http://sample:8080/messagebroker/amf'
halted - not permitted from
http://sample.com/sample.swf.
has anyone faced a similar problem in hosting a flex site?
Take a look you have a different domains http://sample.com/ and http://sample:8080/.
A bit late to the game, but some other items to check.
You stated you can run off of the local instance of tomcat. I am going to assume you are invoking this service as localhost and not by IP address (and/or computer name). If you are running a flex app and you have not changed your run configurations, you are running from to localhost. Once you leave the locahost domain, ensure that you go into your run configurations (the little down arrow next to the run or debug button), and enter the local path you are running the application from using your IP address. Now you will be running IP address of application to IP address (or whatever not localhost) of service. This usually will resolve the problem.
Next, ensure your crossdomain.xml file is located at the ROOT of the server. you should be able to browse to http://yourhostname/crossdomain.xml. There should not be any pathing involved. crossdomain.xml should be at root level of hosting service.
It might also be necessary to set your local instance of workspace for Flex to a virtual directory under your web server (IIS, tomcat). In my case I can browse to 127.0.0.1/workspace/someflexapp/bin-debug/projectname.html and the flex app will run.
Been through this many times and following the above steps has always resolved the problems.
You can use a crossdomain.xml file such as below for open access to most everything that flex will request from a web/soap service.
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="*"/>
<allow-http-request-headers-from domain="*" headers="*"/>
<allow-http-request-headers-from domain="*"/>
</cross-domain-policy>
I have a JAX-RS (Rest) web service, that only enables access through SSL.
If I try to acces it though IE feeding the according parameters, I get the correct response.
Now using Flex's HTTPService component like this:
<s:HTTPService id="httpsService"
url="https://myIp:myHTTPSPort/JAXRS/jaxrs/GetText"
resultFormat="text"
result="httpsService_resultHandler(event)"
fault="httpsService_faultHandler(event)">
<s:request>
<text>My Text</text>
</s:request>
</s:HTTPService>
The fault event is started with the "HTTP request error" faultstring.
I already added this crossdomain file to the WEB-INF folder of the web service project:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="flexApplicationIp" secure="true"/>
</cross-domain-policy>
...but as you might have guessed didn't work.
I have a self generated HTTPS certificate on the host of my web service, so I dont'k know if I need to add it on Flex somewhere.
Any ideas?
at least, crossdomain.xml should be placed in root of your war file, because it has to be accessible by flash plugin. according to specification, contents of WEB-INF is NOT directly accessible by clients.
Just added the certificate following the steps mentioned here and voilá... Got it working
I have to deploy a webapp on Tomcat 6.0.24, serving some webservices that should be accessed with REST-style methods (not fully REST, since the used flex class HTTPService can just send GET and POST).
The webservices are deployed at http://localhost:8080/-webappname-/rest/-methodname-
The problem is that the policy of flex sandbox (i think it is called so) requires that the server with the services has to offer a file crossdomain.xml on his root directory.
I created that file with the following contents:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
Now i have to find the right place to put it, since i also have an apache server running on that machine, on port 80:
in the /var/www of apache?
Accessible at http://localhost/
in the ROOT of the tomcat default
webapp? Accessible at
http://localhost:8080/
I am testing it and it does not seem to work. Maybe i am not doing it right.
PS: I think Apache is not configured to manage Tomcat-addressed requests, every request is dispatched by port, i think.
I can not provide the exact flex error since i am not developing that part. I will try to make a minimal example in the next hours and see if i can reproduce the problem.
It actually doesn't matter where you stick it (physically) as long as the URL request "http://localhost:8080/crossdomain.xml" returns the right file.