0

I've got a Silverlight application that makes a cross-domain request. The clientaccesspolicy.xml file exists on the server I am making a request to and is correctly configured.

I know that it is correctly configured because when I use the application to make a request from my machine I receive a response with no problem.

When a second individual on a corporate network about 300 miles away tries to use the same application, launched from the same URL, to make the same request, he instead gets a security exception.

Here's the odd part. I requested that he download Fiddler so that I could see the request and it's response, and thereby gain some insight into the problem, but when he runs the app with Fiddler open, the request succeeds.

This happens in both Chrome and IE. With Fiddler everything is fine. Without it, it doesn't work.

We've tried clearing his history, deleting the Silverlight app from the cache, everything I can think of.

The request is being made to a private network (which he is on), I make the request through a VPN connection to that network (in case for some reason that matters).

Any thoughts as to what's causing this bizarre problem?

EricLaw
  • 56,563
  • 7
  • 151
  • 196
Anthony Compton
  • 5,271
  • 3
  • 29
  • 38
  • Take a Netmon capture with and without Fiddler running and then analyze the lower-level capture. – EricLaw Oct 20 '10 at 18:20
  • I tried using NetMon to monitor my own traffic performing the same request, but when I'm connected to them through the VPN all of my traffic is obscured. I believe that he's connected directly to the network hosting the request URL, so I'll update the OP when I get back his network traffic information. – Anthony Compton Oct 21 '10 at 16:57
  • One of the Silverlight folks points out that your proxy settings may be at fault. You cannot (apparently) get content from across Zones. When your proxy configuration is set to AUTO, sites may get mapped to the Intranet zone (see http://msdn.microsoft.com/en-us/library/bb250483(VS.85).aspx). When Fiddler is run, it changes your proxy setting away from AUTO, and any dotted hostname is treated as Internet. – EricLaw Oct 26 '10 at 00:44
  • I very strongly suspect that this is the exact problem we're dealing with. After I've given the link a good look, I'll see if we can verify that this is the problem and will update the thread as necessary. Thanks for the continued help! – Anthony Compton Oct 26 '10 at 15:15
  • Should I assume that if the user is using a different browser, that Silverlight is relying on the settings in the user's "Internet Settings" in the Control Panel to zone a URL? I'm beginning to think it'd be best for me to move this to the Silverlight forums. – Anthony Compton Oct 26 '10 at 18:23
  • http://blogs.msdn.com/b/fiddler/archive/2010/11/22/fiddler-and-silverlight-cross-zone-cross-domain-requests.aspx – EricLaw Mar 22 '11 at 13:41

2 Answers2

0

Despite the fact the Fiddler "fixes" the issue it would still be worth while getting this second individual to save a .saz file from fiddler for the successfull set of sessions and then for you to compare them with a successfull set you have from your own machine.

An analysis of the differences may reveal a potential cause when fiddler is not in place.

Another approach would be to use a network protocol anaylser such as Wireshark. The elimination of the proxy that Fiddler represents may be enough to expose the problem, of course such tool is much more technical.

AnthonyWJones
  • 187,081
  • 35
  • 232
  • 306
  • He should be sending me his .saz file soon. Once I get it and analyze it I'll update the OP with any information I can glean from it. – Anthony Compton Oct 21 '10 at 17:00
0

This post is simply to catalog the solution for future users. Thanks to everyone who helped.

The actual problem turned out to be (just as EricLaw -MSFT- suggested) that the client's machine was zoning the request URL as Intranet and the Silverlight application as Internet, and I am not permitted to make requests across zones.

EricLaw's direct responses may be viewed in the comments under the original question.

The URL below (provided by Eric) contains information regarding the denial of cross-zone request, as well as solutions.

msdn.microsoft.com/en-us/library/bb250483(VS.85).aspx

Anthony Compton
  • 5,271
  • 3
  • 29
  • 38
  • Hi Anthony, I have the same issue when testing my silverlight app with IE. My app is on localhost, and the wcf-service on a server with an https://server.mydomain.com/ adress. It only works when fiddler is running or if I run it in opera. I have red the article of Eric but I don't know how to configore IE / proxies to get it running in the IE. Can you help me out on this? – Aaginor Nov 04 '10 at 09:17
  • I think it is to note, that it seems that both sites are in the local intranet. I opened the svc-Page in the IE and it shows "local intranet" too. Can the problem relate to the self-signed server certificate I use for the https service? – Aaginor Nov 04 '10 at 10:19
  • Have you tried moving the app up to the server and launching it from there? Although I can't pinpoint exactly what the problem is, I know that my app doesn't successfully retrieve data when launched from localhost. However, when I move it to the server and launch it, everything is fine. – Anthony Compton Nov 04 '10 at 12:29