使用 进行跨域通信需要预防几种类型的安全漏洞,它们可被用于违法利用 Web 应用程序。“跨站点伪造”(Cross-site forgery) 作为一种利用手段,在允许跨域调用时会成为威胁。此利用手段包括在用户不知情的情况下向第三方服务传输未授权命令的恶意 Silverlight 控件。为了避免跨站点请求伪造,对于除图像和媒体之外的其他所有请求,Silverlight 在默认情况下只允许源站点通信。例如,在 http://contoso.com/mycontrol.aspx 上承载的 Silverlight 控件默认只能访问同一域中的服务(例如 http://contoso.com/service.svc),而不能访问位于 http://fabrikam.com/service.svc 的服务。这可以避免在 http://contoso.com 域上承载的恶意 Silverlight 控件对 http://fabrikam.com 域上承载的服务调用未授权操作。
若要允许 Silverlight 控件访问其他域上的服务,该服务必须明确选择允许跨域访问。通过选择,服务声明它公开的操作可以由 Silverlight 控件安全地调用,而不会对该服务存储的数据造成具有潜在危害的结果。
Silverlight 2.0 支持两种不同的机制供服务选择跨域访问:
- 在承载服务的域的根目录中放置一个 clientaccesspolicy.xml 文件,以配置服务允许跨域访问。
- 在承载服务的域的根目录中放置一个有效的 crossdomain.xml 文件。该文件必须将整个域标记为 public。Silverlight 支持 crossdomain.xml 架构的一个子集。
使用 clientaccesspolicy.xml 文件来允许跨域访问
-
构建允许 Silverlight 客户端访问的服务。有关 有关 如何进行此操作的更多信息,请参见如何:为 Silverlight 客户端构建服务。
-
创建允许访问该服务的 clientaccesspolicy.xml 文件。以下配置允许从任何其他域访问当前域上的所有资源。
<?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="*"/> </allow-from> <grant-to> <resource path="/" include-subpaths="true"/> </grant-to> </policy> </cross-domain-access> </access-policy>
-
将 clientaccesspolicy.xml 文件保存到承载该服务的域的根目录中。例如,如果该服务在 http://fabrikam.com 上承载,则文件必须位于 http://fabrikam.com/clientaccesspolicy.xml。
-
标头属性的有效值包括允许所有未列入黑名单的标头的通配符 (*),以及允许标头的逗号分隔列表。这些允许的标头可以使用通配符后缀,例如“X-CUSTOM-*”。
-
或者,如果只允许从其他域中的一个进行访问(例如 http://contoso.com),clientaccesspolicy.xml 应当包含以下配置。
<?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="http://contoso.com"/> </allow-from> <grant-to> <resource path="/" include-subpaths="true"/> </grant-to> </policy> </cross-domain-access> </access-policy>
-
通过从其他域调用服务来测试是否已启用访问。
使用 crossdomain.xml 文件来允许跨域访问
-
构建允许 Silverlight 客户端访问的服务。有关 有关 如何进行此操作的更多信息,请参见如何:为 Silverlight 客户端构建服务。
-
创建包含以下配置的 crossdomain.xml 文件。必须将该文件配置为允许从任何其他域访问服务,否则 Silverlight 2.0 将无法识别它。
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-http-request-headers-from domain="*" headers="*"/> </cross-domain-policy>
-
将 crossdomain.xml 文件保存在承载服务的域的根目录中。例如,如果该服务在 http://fabrikam.com 上承载,则文件必须位于 http://fabrikam.com/crossdomain.xml。
-
通过从其他域调用服务来测试是否已允许访问该服务。
Making a Service Available Across Domain Boundaries | |
This page is specific to:
Microsoft Version:Silverlight 3
|
Using for cross-domain communication requires guarding against several types of security vulnerability that can be used to exploit Web applications. Cross-site forgery is a class of exploits that becomes a threat when allowing cross-domain calls. This exploit involves a malicious Silverlight control transmitting unauthorized commands to a third-party service, without the user's knowledge. To prevent cross-site request forgery, Silverlight only allows site-of-origin communication by default for all requests other than images and media. For example, a Silverlight control hosted at http://contoso.com/mycontrol.aspx can only access services on that same domain by default – for example http://contoso.com/service.svc, but not a service at http://fabrikam.com/service.svc. This prevents a malicious Silverlight control hosted on the http://contoso.com domain from calling unauthorized operations on a service hosted on the http://fabrikam.com domain.
To enable a Silverlight control to access a service in another domain, the service must explicitly opt-in to allow cross-domain access. By opting-in, a service states that the operations it exposes can safely be invoked by a Silverlight control, without potentially damaging consequences to the data the service stores.
Silverlight 2 supports two different mechanisms for services to opt-in to cross-domain access:
- Place a clientaccesspolicy.xml file at the root of the domain where the service is hosted to configure the service to allow cross-domain-access.
- Place a valid crossdomain.xml file at the root of the domain where the service is hosted. The file must mark the entire domain public. Silverlight supports a subset of the crossdomain.xml schema.
To use a clientaccesspolicy.xml file to allow cross-domain access
-
Build a service than enables access by a Silverlight client. For more information about how to do this, see How to: Build a Service for Silverlight Clients.
-
Create a clientaccesspolicy.xml file that allows access to the service. The following configuration allows access from any other domain to all resources on the current domain.
<?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="*"/> </allow-from> <grant-to> <resource path="/" include-subpaths="true"/> </grant-to> </policy> </cross-domain-access> </access-policy>
-
Save the clientaccesspolicy.xml file to the root of the domain where the service is hosted. If, for example, the service is hosted in http://fabrikam.com then the file must be located at http://fabrikam.com/clientaccesspolicy.xml.
-
The valid values for the headers attribute are the wildcard (“*”) which allows all headers that have not been blacklisted and a comma separated list of allowed headers. These allowed headers may use a wildcard suffix, for example, “X-CUSTOM-*”.
-
Alternatively, if you want to allow access form only one other domain, such as http://contoso.com, the clientaccesspolicy.xml should contain the following configuration.
<?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="http://contoso.com"/> </allow-from> <grant-to> <resource path="/" include-subpaths="true"/> </grant-to> </policy> </cross-domain-access> </access-policy>
-
Test that the access is enabled by invoking the service from the other domain.
To use a crossdomain.xml file to allow cross-domain access
-
Build a service than enables access by a Silverlight client. For more information about how to do this, see How to: Build a Service for Silverlight Clients.
-
Create a crossdomain.xml file that contains the following configuration. The file must be configured to allow access to the service from any other domain, or it is not recognized by Silverlight 2.
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-http-request-headers-from domain="*" headers="*"/> </cross-domain-policy>
-
Save the crossdomain.xml file to the root of the domain where the service is hosted. If, for example, the service is hosted in http://fabrikam.com then the file must be located at http://fabrikam.com/crossdomain.xml.
-
Test that the service is enabled by invoking the service from the other domain.