Silverlight + WCF = SecurityException

First baby steps in Silverlight (SL 4, VS 2010) to prototype a WCF service client:

I originally started out by embedding a WCF service in a web application, which provides methods to query a database accessed via NHibernate. A WinForm test client successfully retrieved results from the service.

Migrating this solution to Silverlight was more difficult.

Referencing a web service in a Silverlight project is different from other projects: First, all classes used by the web serviced are generated as proxy classes in the SL project. (Other projects use the original class definitions in the original assemblies). Proxy classes are mapped to the original classes provided by the web service using the attribute


Second, there are no synchronous calls to the web service. Every call has its Async() method and Completed event.

There are two ways in reference a service: the option “Message Contracts” will generate a Request and Response class for each method, containing all the parameters and results. Without that option, the calls directly receive their parameters .

When trying to retrieve a result from the web service, however, Silverlight threw an exception before invoking the Complete event:

An error occurred while trying to make a request to URI “http://localhost:50505/my.svc’. This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP services. You may need to contact the owner of the service to publish a cross-domain policy file and to ensure it allows SOAP-related HTTP headers to be sent. This error may also be caused by using internal types in the web service proxy without using the InternalsVisibleToAttribute attribute. Please see the inner exception for more details.

Fehler beim Senden einer Anforderung an den URI “http://localhost:50505/my.svc”. Ursache ist möglicherweise, dass ohne die entsprechende domänenübergreifende Richtlinie oder mit einer nicht für SOAP-Dienste geeigneten Richtlinie domänenübergreifend auf einen Dienst zugegriffen wurde. Möglicherweise müssen Sie sich an den Besitzer des Diensts wenden, damit eine domänenübergreifende Richtliniendatei veröffentlicht und das Senden von sich auf SOAP beziehenden HTTP-Headern zugelassen wird. Dieser Fehler kann auch durch Verwendung von internen Typen im Webdienstproxy ohne das InternalsVisibleToAttribute-Attribut verursacht werden. Weitere Details finden Sie in der inneren Ausnahme.

The problem is caused by a missing crossdomain.xml in the root directory of the web service application which defines cross-domain access from other applications. The file needs to have the following contents:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "">
  <allow-access-from domain="*" />
  <allow-http-request-headers-from domain="*" headers="SOAPAction" />

Thanks to Stack Overflow’s aaginor for the hint.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: