URL Access Restrictions in Silverlight

For security reasons, the Silverlight runtime restricts access to certain classes of URLs from the WebClient and HTTP classes in the System.Net namespace. There are similar access restrictions applied by the runtime to other classes including the Image and MediaElement classes in the System.Windows.Controls namespace. The runtime also applies access restrictions to XAML source files and font files based on the class of URL. These restrictions are implemented in the Silverlight 2 and later runtime.

The connections affected are access to cross-zone, cross-domain, and cross-scheme URLs. These restrictions are designed to prevent networking threats (for example, threats based on a Silverlight application run from an internet server getting access to resources on a local intranet server).

The common URL classes are as follows:

• Cross-scheme URL: A Silverlight application downloaded from an HTML page from a web server with one scheme (HTTP, for example) tries to access resources from the same server or a different server using a different scheme (HTTPS, for example).

Expand table

Note:
You can access resources with a cross-scheme URL (allowed between HTTP and HTTPS) on Silverlight, but you need to explicitly enable this with a security policy file. See Network Security Access Restrictions in Silverlight topic for more information.

• Cross-domain URL: A Silverlight application downloaded from a web server tries to access resources on a different target server (for example, an application that is hosted on www.contoso.com trying to access content on www.fabrikam.com). The Silverlight runtime commonly uses security policy files downloaded from the target server to determine if this access should be allowed. 

Expand table

Note:
You can access resources cross domain on Silverlight, but you need to explicitly enable this with a security policy file. See Network Security Access Restrictions in Silverlight topic for more information.

• Cross-zone URL: Internet Explorer defines the concept of security zones with a security level assigned to each zone. Four zones are defined: Internet, Local intranet, Trusted sites, and Restricted sites. In addition, the local machine is also considered to be another zone. A Silverlight application downloaded from a web server in one security zone tries to access resources on a target server in a different security zone. Cross-zone access restrictions are designed to prevent a Silverlight application downloaded from a server in the Internet zone from accessing resources in the more trusted Local Intranet, Trusted Sites, and local machine zones. This prevents a Silverlight application run from a remote internet server from getting access to resources on the local intranet and other resources (an elevation of privilege). Cross-zone access is blocked even if a security policy file on the target server would allow the resource to be accessed. Note that cross-zone access is not restricted for applications downloaded from the server in the Local intranet zone to resources on an internet server. However, any access cross-domain requires a security policy file. Cross-zone access restrictions are implemented only for Silverlight 2 and later applications running on Windows. The concept of security zones and cross-zone access is not currently supported for Silverlight applications running on the Apple OS X.

The table below summarizes the rules that restrict access to URLs from the WebClient and HTTP classes in the System.Net namespace and also includes the restrictions on some other Silverlight classes and components.

Expand table

Note:
When users get an error that results from one of these access policies being violated, the error may not indicate the exact cause.

If you have a Silverlight application that is hosted on one Web server and you try to use WebClient and HTTP classes in the System.Net namespace from this application to access a resource that stored on another web server (a cross-domain URL), the request will fail unless a security policy file is made available on the other server that explicitly allows this access. The request will also fail on Windows if the Silverlight application was downloaded from the Internet zone and the cross-domain URL is to the site in a more restrictive zone (Local intranet, Trusted sites, or local machine) even if a security policy is made available.

If you want to host your Silverlight application and store your images on different servers, the restrictions are as follows:

• You cannot store your images on a site that uses the HTTPS scheme if you are hosting your application on an HTTP site (cross-scheme).

• You can store your images on a cross-domain site as long as the scheme of that cross-domain site is the same as the scheme of the site hosting your application.

• Silverlight applications running on Windows cannot store images on a server in the Local Intranet zone if the application was downloaded from the Internet zone (cross-zone), except if the target domain is localhost.

• You can redirect to another image URL as long as the URL uses the same scheme.