How to access cross domain Web services from Silverlight without a policy file

• Steven Porter
• Published: 23 Oct 2009

In a perfect world you would have access to all of the services your Silverlight application will call. Unfortunately, we don't live in a perfect world so you will almost certainly run into situations where your application will need to call a service which does not have a cross domain or client access policy file deployed with it. No worries, you have a couple of options to work around the issue.

Silverlight Web service support and policy files
With the release of Silverlight 2 and now version 3 you are provided with rich Web service support. Silverlight provides support to access many types of web services including POX, REST, and SOAP services. Just as you would for a WPF or ASP.NET application you have the option of adding service references to your Silverlight projects and calling services through the generated proxy. You can also utilize the WebClient and HttpWebRequest objects to manually call services.

Calling Web services through service proxies
The easiest solution to calling cross domain Web services which don't have a policy file is to use something called a man-in-the-middle proxy. This is simply a Web service that you create to act as a proxy between your Silverlight application and the Web services it doesn't have access to. In this scenario you will create the service proxy on the same domain as your Silverlight application and it will be the service your Silverlight application communicates with. Your proxy service will then, in turn, communicate with the destination service and forward any responses back appropriately.

Calling Web services utilizing JavaScript
A second solution is to access the destination service via JavaScript. Silverlight provides rich JavaScript interop functionality, through the HTML Bridge, which allows you to call JavaScript methods from your managed code and also allows JavaScript to call back into your managed code. With this support you will create JavaScript methods responsible for calling the destination service. You can do this either manually using the XMLHttpRequest object or by utilizing Web service support in a JavaScript library such as Microsoft's ASP.NET Ajax or JQuery.

Conclusion
Using the techniques described in this tip you will be able to call any Web service from Silverlight, even one without a cross domain policy file.

About the author
Steven Porter is a Senior Consultant and Project Manager for Wintellect, a consulting/debugging yand training firm founded by industry experts Jeff Prosise, Jeffrey Richter, and John Robbins. He specializes in technologies such as ASP.NET, ASP.NET Ajax, Silverlight, and WPF. Steve is a Microsoft MVP in Client Application Development and a frequent speaker at events such as user groups and code camps on topics ranging from Silverlight and WPF to Windows Communications Foundation.