Silverlight and the Windows Azure AppFabric Service Bus

This blog post will show you how to allow a Silverlight application to call a service over the Windows Azure AppFabric Service Bus. The problem you need to solve is that Silverlight will look for a “clientaccesspolicy.xml” at the root uri of the service. When I tried it myself I couldn’t find any “how to” on this topic so I decided to turn this into a blog post. If anyone else has this blogged, sorry I am such a bad internet searcher Smile.

So, you’ve just build a nice Silverlight application that uses some WCF service you’re hosting locally. You’ve done all the steps to make it work on your machine, including the “clientaccesspolicy.xml” to enable cross-domain communication. The only thing is that you want to keep hosting the service locally and/or move it to another machine without updating the Silverlight client.

You’ve heard that the Windows Azure Service Bus allows you to do this more easily so you decide to use it. This is your current service configuration (notice the localhost address!).

Code Snippet
  1. <service name="SilverlightAndAppFabric.TheService" >
  2.   <endpoint name="HELLO"
  3.             address="http://localhost:1234/rest"
  4.             behaviorConfiguration="REST"
  5.             binding="webHttpBinding"
  6.             bindingConfiguration="default"
  7.             contract="SilverlightAndAppFabric.IHello" />
  8. </service>

What you now need to do is to move it to the AppFabric Service bus. This is easy. Of course you need to get a subscription for Windows Azure and set up the AppFabric service bus… Look for somewhere else on this, there’s lots of this around.

Then you change the address, binding and behavior like this:

You need an endpoint behavior, because your service needs to authenticate to the service bus (so they can send you the bill):

Code Snippet
  1. <endpointBehaviors>
  2.   <behavior name="REST">
  3.     <webHttp />
  4.     <transportClientEndpointBehavior>
  5.       <clientCredentials>
  6.         <sharedSecret
  7.           issuerName="owner"
  8.           issuerSecret="---your secret key here please---" />
  9.       </clientCredentials>
  10.     </transportClientEndpointBehavior>
  11.   </behavior>
  12. </endpointBehaviors>

You (might) need a binding configuration to allow clients to access your service anonymously:

Code Snippet
  1. <webHttpRelayBinding>
  2.   <binding name="default" >
  3.     <security relayClientAuthenticationType="None">
  4.     </security>
  5.   </binding>
  6. </webHttpRelayBinding>


And of course you need to change the endpoint to use the WebHttpRelayBinding:

Code Snippet
  1. <endpoint name="HELLO"
  2.           address=""
  3.           behaviorConfiguration="REST"
  4.           binding="webHttpRelayBinding"
  5.           bindingConfiguration="default"
  6.           contract="SilverlightAndAppFabric.IHello" />


This should to the trick. Yes, when you try the REST service using Internet Explorer you get back the intended result.

Now you update the address in your Silverlight application to use the service bus endpoint:

This is the old call:

Code Snippet
  1. wc.DownloadStringAsync(new Uri("http://localhost:1234/rest/hello"));


And you change it to:

Code Snippet
  1. wc.DownloadStringAsync(new Uri(""));


Please note the switch to https and the service bus address.

You run your Silverlight client and it fails with some strange security error! The problem is that Silverlight will try to access the clientaccesspolicy.xml file from your new address. Since this is now the service bus this will not work. To solve it you simply add another REST endpoint that will return the clientaccesspolicy from this Uri. Start with the service contract:

Code Snippet
  1. [ServiceContract]
  2. public interface IClientAccessPolicy
  3. {
  4.   [OperationContract]
  5.   [WebGet(UriTemplate = "clientaccesspolicy.xml")]
  6.   Message GetPolicyFile();
  7. }

Implement it:

Code Snippet
  1. public Message GetPolicyFile()
  2. {
  3.   WebOperationContext.Current.OutgoingRequest.ContentType = "text/xml";
  5.   using (FileStream stream = File.Open("clientaccesspolicy.xml", FileMode.Open))
  6.   {
  7.     using (XmlReader xmlReader = XmlReader.Create(stream))
  8.     {
  9.       Message m = Message.CreateMessage(MessageVersion.None, "", xmlReader);
  10.       using (MessageBuffer buffer = m.CreateBufferedCopy(1000))
  11.       {
  12.         return buffer.CreateMessage();
  13.       }
  14.     }
  15.   }
  16. }


And make sure it returns the right policy. This is what gave me a lot of headache, so here it is:

Code Snippet
  1. <?xml version="1.0" encoding="utf-8"?>
  2. <access-policy>
  3.   <cross-domain-access>
  4.     <policy>
  5.       <allow-from http-request-headers="*">
  6.         <domain uri="http://*"/>
  7.         <domain uri="https://*"/>
  8.       </allow-from>
  9.     �� <grant-to>
  10.         <resource path="/" include-subpaths="true"/>
  11.       </grant-to>
  12.     </policy>
  13.   </cross-domain-access>
  14. </access-policy>


Pay special attention to the allow-from element. By default this will allow SOAP calls, not REST calls.

For explanations read the documentation. You might want to edit it anyway.

Now add a similar REST endpoint, making sure the clientaccesspolicy is at the root level:

Code Snippet
  1. <endpoint name="CLIENTACCESSPOLICY"
  2.           address=""
  3.           behaviorConfiguration="REST"
  4.           binding="webHttpRelayBinding"
  5.           bindingConfiguration="default"
  6.           contract="SilverlightAndAppFabric.IClientAccessPolicy" />


Done! A working example (you will have to change the client credentials to your own) can be downloaded from the U2U site here.