I have a silverlight application hosted on an asp.net web application including a WCF SOAP web service. The application is running under an HTTPS://... link using SSL. When I deploy it on our test server running IIS 7.5, everything works fine and as expected. I also have a second web application including a RESTful WCF service which runs using SSL on both my local machine and the mentioned test server (but no silverlight client in this case).
My problem is that the silverlight client receives a Security error when getting responses from the SOAP service in the part where deserialization should take place, but only on my local machine.
return base.Channel.EndGet...(IAsyncResult) // <-- exception reported here:
System.ServiceModel.CommunicationException: An error occurred while
trying to make a request to URI 'https://localmachinename.domain.com:8000/Service.svc'.
This could be due to attempting to access a service in a cross-domain way without a
proper cross-domain policy in place, or a policy that is unsuitable for SOAP services.
You may need to contact the owner of the service to publish a cross-domain policy file
and to ensure it allows SOAP-related HTTP headers to be sent. This error may also be
caused by using internal types in the web service proxy without using the
InternalsVisibleToAttribute attribute. Please see the inner exception for more
details. ---> System.Security.SecurityException --->
System.Security.SecurityException: Security error.
at System.Net.Browser.BrowserHttpWebRequest.InternalEndGetResponse(IAsyncResult asyncResult)
at System.Net.Browser.BrowserHttpWebRequest.c__DisplayClassa.b__9(Object sendState)
at System.Net.Browser.AsyncHelper.c__DisplayClass4.b__0(Object sendState)
--- End of inner exception stack trace ---
at System.Net.Browser.AsyncHelper.BeginOnUI(SendOrPostCallback beginMethod, Object state)
at System.Net.Browser.BrowserHttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)
--- End of inner exception stack trace ---
at System.ServiceModel.Channels.Remoting.RealProxy.Invoke(Object[] args)
at proxy_2.EndGetTypes(IAsyncResult )
at NameSpace.ClientClass.ServiceContractInterfaceImplementation.EndGetTypes(IAsyncResult result)
My clientaccesspolicy.xml for the SOAP service looks like this:
<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
Any hints what I'm doing wrong? The deployed application runs fine on our test web server.
Dec 06 2012: The problem still persists. Some updates / more information:
The web service uses windows authentication and impersonation. The only difference between test server and local machine is that the application pools run under different identities which in both cases is a technical domain user. The only difference I've found is that the user on my local machine was not granted the "Trusted for delegation" flag in Active Directory. So I assumed it could be a Kerberos problem. However, when I run my restful WCF service and client, this never was a problem. Besides, using a windows forms client for the SOAP service, everything runs fine on my local machine and developing/debugging is just possible as intended.
So it has to be a Silverlight problem.
What I do not get is, assuming this dreaded security error results from a crossdomain policy problem as it does in most cases, where are those domains crossed? Everything should be happining on the local machine, no other services are called. This shouldn't happen using IIS Express, should it?
Anybody able to help?
