C# Silverlight Rest 服务,安全例外
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/254899/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Silverlight Rest Service, Security Exception
提问by Kris Erickson
I am trying to get Silverlight to work with a quick sample application and am calling a rest service on a another computer. The server that has the rest service has a clientaccesspolicy.xml which looks like:
我正在尝试让 Silverlight 使用快速示例应用程序,并且正在另一台计算机上调用休息服务。具有其余服务的服务器有一个 clientaccesspolicy.xml,如下所示:
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
And is being picked up (at least according to the the network traces I have run), and there is no request for crossdomain.xml. The C# code looks like:
并且正在被接收(至少根据我运行的网络跟踪),并且没有对 crossdomain.xml 的请求。C# 代码如下所示:
public Page()
{
InitializeComponent();
string restUrl = "http://example.com/rest_service.html?action=test_result";
WebClient testService = new WebClient();
testService.DownloadStringCompleted += new DownloadStringCompletedEventHandler(testService_DownloadStringCompleted);
testService.DownloadStringAsync(new Uri(restUrl, UriKind.Absolute));
}
void testService_DownloadStringCompleted(object sender, DownloadStringCompletedEventArgs e)
{
if (e.Error == null)
{
LoadTreeViewWithData(e.Result);
}
}
However, I always get the following Security Error back:
但是,我总是收到以下安全错误:
{System.Security.SecurityException ---> System.Security.SecurityException: Security error.
at System.Net.BrowserHttpWebRequest.InternalEndGetResponse(IAsyncResult asyncResult)
at System.Net.BrowserHttpWebRequest.c__DisplayClass5.b__4(Object sendState)
at System.Net.AsyncHelper.c__DisplayClass2.b__0(Object sendState)
--- End of inner exception stack trace ---
at System.Net.AsyncHelper.BeginOnUI(SendOrPostCallback beginMethod, Object state)
at System.Net.BrowserHttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.WebClient.GetWebResponse(WebRequest request, IAsyncResult result)
at System.Net.WebClient.DownloadBitsResponseCallback(IAsyncResult result)}
What am I doing wrong? And why doesn't the security error tell me some more useful information?
我究竟做错了什么?为什么安全错误没有告诉我一些更有用的信息?
采纳答案by C. Dragon 76
If you haven't already done so, I'd first try changing the restUrl to something simpler like a static HTML page on the same server (or if need be on your own server) just to verify your main code works.
如果您还没有这样做,我会首先尝试将 restUrl 更改为更简单的内容,例如同一服务器(或者如果需要在您自己的服务器上)上的静态 HTML 页面,以验证您的主要代码是否有效。
Assuming the security exception is specific to that REST URL (or site), you might take a look at the URL Access Restrictions in Silverlight 2article. There are some non-obvious security rules involving file types and "internet zones" in addition to the more well-known cross domain rules.
假设安全异常特定于该 REST URL(或站点),您可以查看Silverlight 2文章中的URL 访问限制。除了更广为人知的跨域规则之外,还有一些不明显的安全规则涉及文件类型和“互联网区域”。
I second the complaint about many exception messages in Silverlight not being very helpful. The above referenced MSDN article contains an amusing note:
我第二次抱怨 Silverlight 中的许多异常消息不是很有帮助。上面引用的 MSDN 文章包含一个有趣的注释:
When users get an error that results from one of these access policies being violated, the error may not indicate the exact cause.
当用户收到因违反这些访问策略之一而导致的错误时,该错误可能不会指明确切原因。
回答by I liked the old Stack Overflow
Loading HTML pages from a "Trusted Site" failed for my local application (http://localhost/) - until I added localhost to the list of Trusted Sites.
我的本地应用程序 ( http://localhost/)从“受信任的站点”加载 HTML 页面失败- 直到我将 localhost 添加到受信任的站点列表。
Silverlight prevents "cross zone" calls (in my case Local Network vs. Trusted Sites) and "cross scheme" calls (e. g. http vs. https).
Silverlight 可防止“跨区域”调用(在我的情况下是本地网络与受信任站点)和“跨方案”调用(例如 http 与 https)。
And so far it only works with a "crossdomain.xml" file. I tried "clientaccesspolicy.xml" first, but didn't get it going.
到目前为止,它只适用于“crossdomain.xml”文件。我首先尝试了“clientaccesspolicy.xml”,但没有成功。
回答by Ruth
I couldn't do cross domain REST HTTP deletes without adding http-methods="*" to the allow-from element in the clientaccesspolicy.xml. When I added the http-methods attribute, then everything worked and the SecurityException stopped happening.
如果不将 http-methods="*" 添加到 clientaccesspolicy.xml 中的 allow-from 元素,我就无法进行跨域 REST HTTP 删除。当我添加 http-methods 属性时,一切正常,SecurityException 停止发生。
