asp.net web api security error from silverlight client

Question

I am trying to access an ASP.NET WEB API service from a Silverlight client and am getting an error returned from the webclient of "Security Error." The service works fine from Fiddler or from a browser.

My clientacesspolicy.xml on the Silverlight host site looks like this:

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*" http-methods="*">
        <domain uri="*" />
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true" />
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>

I thought this should allow me to access any site.

The ASP.NET WEB API is VS 2012 running from the debugger in IIS Express. It never gets hit from the Silverlight client.

Update: Duh, it helps if you put the clientaccesspolicy.xml on the root folder of the service being accessed. I had it in the root of the Silverlight app, which would only help for services hosted there...

Answer 1

put your clientacesspolicy.xml in the root of your webapi site not the silverlight