5

I'm POSTing data to a server and successfully execute BeginGetRequestStream, then EndGetRequestStream, write my POST data to the fill the RequestStream, and call BeginGetResponse.

BeginGetResponse successfully returns and I then call:

Dim response As HttpWebResponse = CType(MyHttpRequest.EndGetResponse(asynchronousResult), HttpWebResponse)

This line throws the folloing SecurityException Error:

{System.Security.SecurityException ---> System.Security.SecurityException: Security error.
at System.Net.Browser.BrowserHttpWebRequest.InternalEndGetResponse(IAsyncResult asyncResult)
at System.Net.Browser.BrowserHttpWebRequest.<>c__DisplayClass5.b__4(Object sendState)
at System.Net.Browser.AsyncHelper.<>c__DisplayClass2.b__0(Object sendState)

--- End of inner exception stack trace ---
at System.Net.Browser.AsyncHelper.BeginOnUI(SendOrPostCallback beginMethod, Object state)
at System.Net.Browser.BrowserHttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at EtsyV2NetSL.WebQuery.POST_ResponseCallback(IAsyncResult asynchronousResult)}

So my first thought was that I was being blocked by the server with their clientaccesspolicy.xml or crossdomain.xml. I've fired up Fiddler and saw the following:

GET http://openapi.etsy.com/clientaccesspolicy.xml > 596 (text/xml)
GET http://openapi.etsy.com/crossdomain.xml > 200 OK (application/xml)

So I checked their crossdomain.xml and the settings appear ok:

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

I've hit a dead end in trying to solve this problem. I'm running the test app on my dev machine from VS.

Does anyone have any ideas as to why Silverlight would be throwing this error?

Thanks

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
Graeme
  • 789
  • 6
  • 13
  • 33

2 Answers2

1

I dealt with a very similar problem today - however instead of an HTTP POST, I was attempting to do a WCF service call.

Here is the comment I placed in my code - please let me know if its not clear enough to be helpful.

// NB: Cross-domain bug
// If you end up here with a System.Security.SecurityException "Security error."
// Check that you're not trying to cross zones when making a service call
// (eg: Accessing Trigger Driver TimeSource service on http://IASWEB01/ when accessing the site via usertest.local
//  or any other URI with dots in it - yes it seems crazy)

This seems to be some security 'feature'. With the WCF call I got this exception even before the Silverlight client attempted to fetch the clientaccesspolicy.xml from the target host. Very annoying issue without a real solution in sight!

maltem-za
  • 1,225
  • 2
  • 16
  • 23
  • As you can see from my Fiddler trace, Silverlight checks and finds a 'backwards compatible' policy file. So I can issue GET commands across domains quite happily. However I'm working with a third-party company and don't have control over the policy files used. The code I'm usung works fine with WinForms/ASP.NET/WPF; I've tweaked the code for Silverlight but am hitting the Security Exception error. It appears from Silverlight that it sends fine & errors on getting the response however when doing a lookup the data posted isn't found. So the POST/PUT methods are throwing the Security exceptions. – Graeme Nov 18 '10 at 21:38
  • And can you see the POST going out in Fiddler? It still seems to me the problems are related, ie: failure before the http request is completed or even completely constructed. – maltem-za Nov 19 '10 at 07:50
  • 1
    Fiddler's not catching the POST - so can't tell. – Graeme Nov 21 '10 at 13:26
1

It seems like it's a client access policy issue, check this:

http://forums.silverlight.net/forums/p/26566/90867.aspx

It worked for me.

Jportelas
  • 646
  • 10
  • 21