Stragen 401.3 Error

I posted this in the silverlight section earlier but On reflection I think it really belongs here:

I have a Silverlight application that needs to access a WCF web service (hosted in IIS 6.0) located on a different domain, so I create the ClientAccessPolicy.xml and stick it in the service's web site root.

What I then get is 401.3 errors when the silverlight application tries to access it.

Now here comes the funny bit, having gone over all the NTFS and IIS permissions I could think of , without success, I discovered that I could access it if I changed the extension to .svc (but not if I changed it to .html, .txt, .abc).
I could also access it if I moved it to another web site on the same server, which has as far as I can see has identical permisioning.

Is there another source of permisioning, based on file extensions, hidden away somewhere?

There is no real reason not to have it as .svc.  Can you elaborate on why you felt the need to change this?

Changing the file extension was just an experiment to see if that was the problem.
The file needs to have the .xml extension because Silverlight will always look for a file called ClientAccessPolicy.xml.
So my question really is how do I persuade IIS to serve this file, with the required name.