1
votes

I am confused by when and how to use the clientaccesspolicy.xml file in Silverlight. What is it for? Right now, my deployed site (not localhost but the remote server) does NOT have it and I can still access the web site and query the database through a WCF web service. Why should I include it in my root directory?

2

2 Answers

1
votes

You only need it if your Silverlight app will be accessing a service in another domain.

e.g (from the MS site)

"For example, a Silverlight control hosted at http://contoso.com/mycontrol.aspx can access only services on that same domain by default – for example http://contoso.com/service.svc, but not a service at http://fabrikam.com/service.svc."

1
votes

When your silverlight application try to access the method of web service. For the security silverlight first identify the service is valid one not the fake. For that silverlight first request the "ClientAccessPolicy.xml" file, then requested web service will returns the xml file after that silverlight checks that application is allowed to accept call from current service..if yes then app can free to make a service call to verified service.