Why does setting WebOperationContext.Current.OutgoingResponse.StatusCode = HttpStatusCode.Redirect cause SecurityException?

Question

I'm working on a Rest Service in .Net 4, and I need to perform a redirect.

A little description of what I'm doing: I have a silverlight application that contains a button. When I click the button, I send a POST request to my REST service with some information. From that information, I create a URL and (try to) redirect the browser. Here's the code for the method in the service:

[WebInvoke(Method = "POST", UriTemplate = "OpenBinder")]
public void OpenBinder(int someId)
{
    string url = getUrl(someId);
    if (WebOperationContext.Current != null)
    {
        WebOperationContext.Current.OutgoingResponse.Location = url;
        WebOperationContext.Current.OutgoingResponse.StatusCode = HttpStatusCode.Redirect;
    }
}

This seems to execute correctly, but when I call EndGetResponse on the client, I see that a "Security Error" occurred. It's System.Security.SecurityException, but I don't get any more details than that. Any ideas on what could be going on here?

Answer 1

Without more info, I am not sure what your specific security error is, but generally with this type of situation, your redirect should happen on the client side in the response handler. Can you restructure your code to have the client redirect?

Answer 2

OK, so my code was actually working correctly. When I looked through Fiddler, I noticed it was it was making the correct request to the Url. The problem was clientacesspolicy.xml was stopping it.