Question

我遇到了一个问题，无法通过Silverlight访问SharePoint Webservice。

An error occurred while trying to make a request to URI http://sample:8000/_vti_bin/Authentication.asmx . This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP services. You may need to contact the owner of the service to publish a cross-domain policy file and to ensure it allows SOAP-related HTTP headers to be sent. Please see the inner exception for more details.

一些问题:

How do I correctly deploy clientaccesspolicy.xml over Sharepoint Designer? Simply open site in designer, add file and then publish?
The site where clientaccesspolicy.xml should be deployed use forms authentication. I wasn t able to use Sharepoint Designer to publish there. Because of that, I created new zone for this site, which use Windows Authentication and published clientaccesspolicy.xml there. Both use same content database, didn t ?
If clientaccesspolicy.xml will be published, how can I allow this file be accessed anonymously?

Regards Anton Kalcik

Answer 1

以下是我问题1和2的答案：

In Sharepoint Designer you open the site over: File -> Open Site -> In text field "Site name:" type URL of your site. Than drag & drop clientaccesspolicy.xml in root of your site.
If you have Form Authentication, you don t need for this step create new zone (but for some reasons it can be useful). You simply open web browser and type URL of your site. Then fill up text fields (always with user that have administrator privileges) and check "Sign me in automatically". After that will Sharepoint designer use this credentials for specified URL.

如果你能帮我回答第三个问题，或者你有其他解决方案，如何从Silverlight访问clientaccesspolicy.xml，那就发表一下吧！

Answer 2

我们在项目中处理这个问题的方式是使用HTTP处理程序。我们使用一个特性将clientaccesspolicy.xml文件放置在_layouts目录中（这个目录是在SharePoint站点之间共享的），你也可以手动将其复制到那里。

然后我们将我们的HTTP处理程序添加到web.config的处理程序部分中。在我们的处理程序中，我们检查请求是否为/clientaccesspolicy.xml，如果是，我们会重写路径：

if (path.ToLowerInvariant() == "/clientaccesspolicy.xml")
{
    HttpContext.Current.RewritePath("/_layouts/clientaccesspolicy.xml");
}

我不确定这是否可以绕过安全，因此它可能无法完全解决您的问题。但至少它为您提供了一种访问此文件的方法。

Answer 3

That is fine.
It should be, provided you haven t setup a whole new site somehow.
It shouldn t be as that would be a security risk. If you need to authenticate via WindowsAuth for the services so should you for the clientaccesspolicy.xml.

Answer 4

请记住，clientaccesspolicy.xml必须位于域根处。在您的示例中，它必须从http://sample:8000/clientaccesspolicy.xml访问。如果您无法从浏览器以该URL打开它，则您的Silverlight客户端也无法找到它。

将文件放在正确的位置最简单的方法是通过FTP或资源管理器将其复制到那里。该文件应该对匿名用户可用（当然只读）。

Answer 5

我发现实现SharePoint httpHandler的更可靠方式：它返回clientaccesspolicy.xml的所有内容本身。

        public void ProcessRequest(HttpContext context) {
        if (context.Request.Path.ToLowerInvariant() == "/clientaccesspolicy.xml")            {
            context.Response.Write(@"<?xml version= 1.0  encoding= utf-8  ?><access-policy><cross-domain-access> "+
            @"<policy> <allow-from http-request-headers= * > <domain uri= *  /> </allow-from> <grant-to> "+
            @"<resource path= /  include-subpaths= true  /> </grant-to> </policy> "+
            @"</cross-domain-access> </access-policy>");
        }
    }

友情链接