If you are starting to get into integrating web services with Silverlight, you'll notice that you have to have a cross domain policy file in place on the target server, that is to say, the server hosting the service you want to implement. There are some public web services (Flickr, YouTube, Digg, etc.) that already have these files in place for Flash, but implement in a slightly different way.
When calling a cross-domain service, Silverlight will check for the existence of clientaccesspolicy.xml first. This is the format defined by Silverlight and provides a pretty flexible way to define who can access what services. If not found, it will then default to look for crossdomain.xml, which is the file format implemented for Adobe Flash. It is important to note that this file will also still work for most public web services.
But now perhaps you are the author of the service that your application is going to consume and/or the public will consume. There are a few things you want to consider. First, it would be a best practice to put your service layer on a separate domain other than your site (i.e., api.mysite.com). In fact, this is how most are doing it these days. These helps separate more distinctly the services from the web site and also separates the cross-domain security concerns away from the content site versus API access. Once you have done that you'll want to implement your specific clientaccesspolicy.xml file.
When Silverlight 2 was released to beta, I created some quick helper files to assist me with creating this simple policy file (it is simple, but can get complex depending on how granular you want to define your access). I figured it might be helpful to some who are implementing services as well. Sure, they aren't going to save the world, but might save you some quick typing.
Visual Studio Code Snippet
The slcap.vsi file is a Visual Studio Community Installer package which contains "slcap.snippet," which is a Visual Studio code snippet format. This is an XML snippet, so would be used only in the context of an XML file. Just double-click on the .vsi file to install and it will walk you through the steps. I recommend just keeping the defaults. After it is complete, you now have an Intellisense snippet. To use it and create a new clientaccesspolicy.xml add a new XML file to your web service site/project named clientaccesspolicy.xml. It will open a blank XML file by default. Select all text (CTRL+A). Then hit the keyboard shortcut for launching XML snippets, CTRL+K,X.
NOTE: For some reason XML snippets don't operate like C#/VB ones do where you type the shortcut, then TAB, TAB. If anyone knows why, let me know :-)
This will bring up the navigator, then simply navigate to the My XML Snippets, then locate the one you just installed:
Once you select it, there are three literal areas to override the defaults if you wanted.
UPDATE: As Sean probably ran into below (in comments), the above screenshot does not show the required http-request-headers attribute required on the allow-from node of the policy file. This is, however, updated in the Intellisense files and the code snippet template. Thanks Sean for pointing out the screenshot is wrong here.
If you are implementing a completely public web service (
