Silverlight HttpWebRequest SecurityException

Question

The Problem

I have a restful web service that is running on a remote server. I have already made a WP7 app that uses it, so I know that it works. I am porting the application to a Silverlight web app and ran into a problem.

I have included a simplified version of the code as well as the error that is thrown. The error is thrown on the EndGetResponse method.

Feel free to ask for more information. I have search around for solutions and haven't found anything that works or really applies to my issue. It seems like such simple code and it works perfectly on the WP7 version. Any help will be appreciated.

The Code

void SendRequest() {
    string url = "http://some-example-restful-service:5600/locations/data/all";
    HttpWebRequest request = (HttpWebRequest) HttpWebRequest.Create(url);

    request.Method = "POST";
    request.ContentType = "application/json; charset=utf-8";

    request.BeginGetResponse(new AsyncCallback(RequestCallback), request);
}

public static void RequestCallback(IAsyncResult asyncResult) {
    HttpWebRequest request = (HttpWebRequest) asyncResult.AsyncState;
    HttpWebResponse response = (HttpWebResponse) request.EndGetResponse(asyncResult);

    //Parse JSON object

    response.Close();

    //Dispatch result back to GUI thread
}

The Error

SecurityException was unhandled by user code

System.Security.SecurityException: Security error.

at System.Net.Browser.BrowserHttpWebRequest.InternalEndGetResponse(IAsyncResult asyncResult)
at System.Net.Browser.BrowserHttpWebRequest.<>c__DisplayClass5.<EndGetResponse>b__4(Object sendState)
at System.Net.Browser.AsyncHelper.<>c__DisplayClass4.<BeginOnUI>b__0(Object sendState)
--- End of inner exception stack trace ---
at System.Net.Browser.AsyncHelper.BeginOnUI(SendOrPostCallback beginMethod, Object state)
at System.Net.Browser.BrowserHttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at ServieTest.MainPage.RequestCallback(IAsyncResult asyncResult)
at System.Net.Browser.BrowserHttpWebRequest.<>c__DisplayClassd.<InvokeGetResponseCallback>b__b(Object state2)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(Object state)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Answer 1

Turns out I needed to add a clientaccesspolicy.xml file on the root of the domain of the service.

The following is what the content of the file should be:

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
    <cross-domain-access>
        <policy>
            <allow-from http-request-headers="*">
                <domain uri="*"/>
            </allow-from>
            <grant-to>
                <resource path="/" include-subpaths="true"/>
            </grant-to>
        </policy>
    </cross-domain-access>
</access-policy> 

Answer 2

According to this answer, Silverlight (in-browser) honors the cross-domain policy of the server from which you're requesting the data. Since it's your own web service, you could add a crossdomain.xml file to the root of your application that allows outside domains to make cross-domain requests (per this answer).