Second Stanza

July 25, 2009

Security Exception on Silverlight Client when Calling WCF Service

Filed under: Silverlight, WCF — Tags: — dfbaskin @ 12:14 pm

I kept getting a SecurityException when calling from my Silverlight client to a WCF service. I had double-checked WCF settings (I used basicHttpBinding, which is what Silverlight supports). I had created clientaccesspolicy.xml and crossdomain.xml files on the root of my web site. The meta data came up correctly for my service. Via Fiddler, I saw that the clientaccesspolicy.xml file was being retrieved successfully. But the call to the actual service never happened (the SecurityException was generated first).

While researching this error, I found this post. The solution worked for me, but it also bugged me. I found it hard to believe that the clientaccesspolicy.xml file just simply didn’t work.

And I was right. I did manage to get the clientaccesspolicy.xml to work. According to this MSDN article, the contents of the clientaccesspolicy.xml file might look like this:

<?xml version="1.0" encoding="utf-8"?>
      <allow-from http-request-headers="*">
        <domain uri="*"/>
        <resource path="/" include-subpaths="true"/>

The problem turns out to be the encoding. When I removed the attribute, encoding=”utf-8″, the Silverlight client happily called the service with no problem.

Ok, scratch that. I tried to reproduce the original problem by adding the encoding back to the clientaccesspolicy.xml, and … it works. I tried resetting the IIS server and clearing the browser cache, and now I can’t get it to fail again.

So, I’m still scratching my head about this.

Blog at