Monday, June 27, 2011

Accessing SharePoint Silverlight 4 API from outside of SharePoint

If you are like me, building Silverlight SharePoint components, you probably noticed that debugging Silverlight running from within a SharePoint solution is almost impossible!

There are many settings to take care of, and you have to install and configure your server to allow debugging, honestly I gave up in the middle.

Instead, I though, why not run the Silverlight application locally, and have it connect to the SharePoint API?

Well, try that and you will be in to a little surprise.

Any Microsoft.SharePoint.Client.Silverlight call you make will get you a System.Security.SecurityException: Security error.

Not a lot of info there, but this is easy to fix and not documented well enough anywhere in all the Silverlight SharePoint development guides I looked at.

The cause for this error, is that Silverlight blocks cross domain access by default, preventing applications from one domain to invoke requests from another domain, unless the remove domain explicitly allows it.

To allow that call, Silverlight makes a request to the root of the remote server to read a configuration file named clientaccesspolicy.xml, if this file does not exist – Silverlight checks for a flash configuration policy file instead (but lets focus on pure Silverlight 4 for now.)

In order to allow cross domain requests to be executed, just put this configuration file in the root of your web application (next to the web.config file):

file name: clientaccesspolicy.xml

<?xml version="1.0" encoding="utf-8"?>
<
access-policy>
<
cross-domain-access>
<
policy>
<
allow-from http-request-headers="*">
<
domain uri="*"/>
</
allow-from>
<
grant-to>
<
resource path="/" include-subpaths="true"/>
</
grant-to>
</
policy>
</
cross-domain-access>
</
access-policy>


Once you have this file, you should be able to run and debug your Silverlight application from anywhere, making it easy to debug your SharePoint Silverlight applications on either dev, testing or production servers!


Cheers, Shai.

No comments: