跨域访问控件:
In other words, a page retrieved from somehost containing a Silverlight object tag with source attribute equal to http://someotherhost/somesite/silverlightcontrol.xap.
Note the following points applicable to cross domain access:
三个地方需要配置:
1、客户端Object代码里面添加属性: <param name="EnableHtmlAccess" value="true">
客户端代码:
<object id="obj" data="data:application/x-silverlight," type="application/x-silverlight-2"
width="100%" height="100%">
<param name="source" value="http://servername/sitename/ClientBin/RESAPeopleEntity.xap" >
<param name="onerror" value="onSilverlightError" >
<param name="background" value="Red" > //Transparent
<param name="InitParams" value="" + InitParams + "" >
<param name="Windowless" value="True" >
<param name="EnableHtmlAccess" value="true">
<a href="http://go.microsoft.com/fwlink/?LinkID=115261" style="text-decoration: none;">
<img src="http://go.microsoft.com/fwlink/?LinkId=108181" alt="Get Microsoft Silverlight"
style="border-style: none" >
</a>
</object>
2、xap文件服务器站点的根目录下添加跨域访问文件:clientaccesspolicy.xml,内如如下:
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
3、Sivlerlight工程项目中,Propertites文件夹下AppManifest.xml中添加 ExternalCallersFromCrossDomain="ScriptableOnly",AppManifest.xml内容如下所示:
<Deployment xmlns="http://schemas.microsoft.com/client/2007/deployment"
xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
ExternalCallersFromCrossDomain="ScriptableOnly"
>
<Deployment.Parts>
</Deployment.Parts>
</Deployment>
Beta2与RTW的跨域支持的变动:
在 Silverlight 2 应用程序清单中移除了针对 ExternalCallersFromCrossDomain 属性的 FullAccess 选项
影响的对象:仅限使用此功能组合的 Silverlight 2 应用程序:
在与宿主 HTML 页不同的域中部署 XAP,并且
在根元素上指定 ExternalCallersFromCrossDomain=”FullAccess” 的应用程序清单 (AppManifest.xaml) 受影响。
摘要
在跨域应用程序部署方案中省略了任意脚本的以下功能:沿元素树传递、注册事件并获取事件通知以及从脚本使用 Silverlight 1.0 Downloader。应用程序清单以前支持应用程序作者指定值为 NoAccess(跨域中的默认值)、ScriptableOnly 和 FullAccess 的 ExternalCallersFromCrossDomain 属性。已移除对 FullAccess 选项的支持。
以前依赖于 FullAccess 选项的很多功能现在可以通过可编写脚本的对象功能实现,并且不会给您增加多少工作量。
跨域访问WebService:
In order for a Silverlight (or Flash) app coming from one domain to be able to consume data from services in a different domain, the service must "allow" the app to do so by providing a policy file which grants access (to prevent all sorts of cross-site scripting attacks). This policy file must be located in the root of the "domain" (hostname + port), so if your service is located at http://my.service.com:8000/Service/CoolService.svc/Endpoint, the policy file must be located at http://my.service.com:8000/ClientAccessPolicy.xml (or http://my.service.com:8000/crossdomain.xml in case of the Flash format). That's fairly easy to do on a IIS-hosted service (simply put the static policy file in the root of the web), but for self-hosted apps it isn't as simple (there's no "root" of the web).
To solve this problem for self-hosted WCF services, you can use the web programming model support fairly easily. Basically, you'd define the base address at the root of the domain, and have a web endpoint at the "" address. All the "real" service endpoints would then be in different addresses. The example below shows it in action:
public class SelfHostedServiceWithSilverlightPolicy
{
[ServiceContract]
public interface ITest
{
[OperationContract]
string Echo(string text);
}
[ServiceContract]
public interface IPolicyRetriever
{
[OperationContract, WebGet(UriTemplate = "/clientaccesspolicy.xml")]
Stream GetSilverlightPolicy();
[OperationContract, WebGet(UriTemplate = "/crossdomain.xml")]
Stream GetFlashPolicy();
}
public class Service : ITest, IPolicyRetriever
{
public string Echo(string text) { return text; }
Stream StringToStream(string result)
{
WebOperationContext.Current.OutgoingResponse.ContentType = "application/xml";
return new MemoryStream(Encoding.UTF8.GetBytes(result));
}
public Stream GetSilverlightPolicy()
{
string result = @"<?xml version=""1.0"" encoding=""utf-8""?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri=""*""/>
</allow-from>
<grant-to>
<resource path=""/"" include-subpaths=""true""/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>";
return StringToStream(result);
}
public Stream GetFlashPolicy()
{
string result = @"<?xml version=""1.0""?>
<!DOCTYPE cross-domain-policy SYSTEM ""http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"">
<cross-domain-policy>
<allow-access-from domain=""*"" />
</cross-domain-policy>";
return StringToStream(result);
}
}
public static void Test()
{
string baseAddress = "http://" + Environment.MachineName + ":8000";
ServiceHost host = new ServiceHost(typeof(Service), new Uri(baseAddress));
host.AddServiceEndpoint(typeof(ITest), new BasicHttpBinding(), "basic");
host.AddServiceEndpoint(typeof(IPolicyRetriever), new WebHttpBinding(), "").Behaviors.Add(new WebHttpBehavior());
ServiceMetadataBehavior smb = new ServiceMetadataBehavior();
smb.HttpGetEnabled = true;
host.Description.Behaviors.Add(smb);
host.Open();
Console.WriteLine("Host opened");
Console.Write("Press ENTER to close");
Console.ReadLine();
host.Close();
}