Network Security Access Restrictions

Network Security Access Restrictions in Silverlight 2:

1) When a socket request is made to the site (cross-domain or site of origin), the Silverlight 2 runtime opens a connection using TCP to a well-known port (port 943) on the target site. Then the runtime sends a special string <policy-file-request/> to the server to request a Silverlight policy file. The Silverlight 2 runtime then waits to receive a reply from the target site that contains a Silverlight policy file. The policy file retrieved will have to grant permission to have a connection to the target host opened.

A simple FluorineFx Silverlight Policy Server is provided. The application comes with a clientaccesspolicy.xml file you can change accordingly (set the port number used):

...
<socket-resource port="4502-4534" protocol="tcp"/>
...
            

Alternativelly the gateway can be configured to start internally a policy server. This requires the following settings in the web.config file:

<fluorinefx>
  <settings>
    <silverlight>
      <policyServer enable="true" policyFile="~clientaccesspolicy.xml"/>
    </silverlight>
  </settings>
</fluorinefx>

 

2) Port range that a Silverlight 2 network application is allowed to connect to must be within the range of 4502-4534

Define a RTMP channel in the service configuration file with the endpoint url set as uri="rtmp://{server.name}:4502" (or the port number the Silverlight application will connect to)

 

For details on Network Security Access Restrictions please read Network Security Access Restrictions in Silverlight 2 in the MSDN library