SILVERLIGHT CROSS-DOMAIN / CLIENTACCESSPOLICY FILE CHECKER

By Peter Bromberg

Silverlight / WPF
Articles

Clientaccesspolicy
(25)

Silverlight
(16)

Checker
(5)

Clientaccesspolicy.xml
(5)

Crossdomain
(5)

Cross
(4)

Domain
(4)

A simple page that accepts any url (to a Silverlight app or page), decomposes the uri parts, and checks for either of the accepted cross-domain policy files on the site.

Recently I started putting together a list of search urls that return RSS results and I needed to find out if each particular site supported the required cross-domain policy files. The result was this simple page that does the checking regardless of what url you put in it.

To keep things simple I made it a "script-only" page with no codebehind:

<%@ Page Language="C#" AutoEventWireup="true"  %>
<%@ Import Namespace="System.Xml" %>

<script runat="server" language="C#" >

    protected void Button1_Click(object sender, EventArgs e)
    {
        string msg = "";
        var uri = new Uri(TextBox1.Text);
        string host = uri.Host;
        string scheme = uri.Scheme;
        string test1 = scheme + "://" + host + "/crossdomain.xml";
        var doc = new XmlDocument();
        try
        {
            doc.Load(test1);
            msg = doc.OuterXml;
            // clean up for display in the TextArea
            msg = msg.Replace("><", ">\r\n<");
        }
        catch
        {
            msg = "====================================\r\nNo crossdomain.xml policy file\r\n";
        }
        TextBox2.Visible = true;
        TextBox2.Text = msg;

        string test2 = scheme + "://" + host + "/clientaccesspolicy.xml";
        try
        {
            // clean up for display
            doc.Load(test2);
            string test3 = doc.OuterXml;
            // clean up for display in the TextArea
            test3 = test3.Replace("><", ">\r\n<");
            msg = "======================================\r\n" + test3;
        }
        catch
        {
            msg = "====================================\r\nNo clientaccesspolicy.xml policy file";
        }
        TextBox2.Visible = true;
        TextBox2.Text += msg;
    }
    </script>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>SILVERLIGHT CROSS-DOMAIN / CLIENTACCESSPOLICY FILE CHECKER</title>
</head>
<body>
    <form id="form1" runat="server">
    <p>
        <br />
        <asp:Label ID="Label2" runat="server" Font-Names="TAHOMA" 
            Text="SILVERLIGHT CROSS-DOMAIN / CLIENTACCESSPOLICY FILE CHECKER"></asp:Label>
    </p>
    <div>    
        <asp:Label ID="Label1" runat="server" Text="URL TO APPLICATION:" 
            Font-Names="Tahoma"></asp:Label>
         &nbsp;
        <asp:TextBox ID="TextBox1" runat="server" Width="250px">http://</asp:TextBox>    
        <asp:Button ID="Button1" runat="server" onclick="Button1_Click" Text="Check" 
            Font-Names="Tahoma" />    
    </div>
    <asp:TextBox ID="TextBox2" runat="server" Height="500px" TextMode="MultiLine" Visible="False" 
        Width="550px"></asp:TextBox>
    </form>
</body>
</html>

The functionality is very simple; first we pull apart the Uri parts so that we can reconstruct a URL to the root of the site, then we attempt to load both the crossdomain.xml and the clientaccesspolicy.xml files. If the load is successful we clean up the XML string in a sort of "poor man's xml formatting" and display the policy file; if it is not found, we display the appropriate message.

You can download a zipped copy of the file here.

Popularity (1358 Views)

View Peter Bromberg's Articles

Biography - Peter Bromberg

Peter Bromberg is a C# MVP, MCP, and .NET expert who has worked in banking, financial and telephony for over 20 years. Pete focuses exclusively on the .NET Platform, and currently develops SOA and other .NET applications for a Fortune 500 clientele. Peter enjoys producing digital photo collage with Maya,playing jazz flute, the beach, and fine wines. You can view Peter's UnBlog and IttyUrl sites.

Article Discussion: SILVERLIGHT CROSS-DOMAIN / CLIENTACCESSPOLICY FILE CHECKER

Peter Bromberg posted at Sunday, October 05, 2008 9:03 AM

Original Article

check the existence first

Wilson Chan replied to Peter Bromberg at Sunday, October 05, 2008 9:03 AM

hi, you should check the existence of the file first, for graceful reason:)

The code is attempting to load the file over HTTP.

Peter Bromberg replied to Wilson Chan at Sunday, October 05, 2008 9:03 AM

The only way to check for the exsitence of a remote file via HTTP is to attempt to load it and catch the exception, if any. The code in the article already does this. Am I missing something, or did you just not read the code?

httpRequest

Wilson Chan replied to Peter Bromberg at Sunday, October 05, 2008 9:03 AM

hi, usually I will do like the following:

try
{
            HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://uri/
ClientAccessPolicy.xml");
            HttpStatusCode status;
            using (HttpWebResponse resp = (HttpWebResponse)request.GetResponse())
            {
                status = request.StatusCode;
            }
            if (status == HttpStatusCode.OK)
            {
  //doc.Load();
            }
            else
            {
            //not found
            }
}
catch(Exception)
{
//not found
}

Yah this is all fine, but--

Peter Bromberg replied to Wilson Chan at Sunday, October 05, 2008 9:03 AM

I want the user to be able to SEE the Xml so they can examine it. Consequently, XmlDocument.Load takes care of everything in one method call.