There seems to be a lot of confusion about getting Silverlight applications to access services on a different domain from the one the Silverlight application is served from.
It probably does not help that the example given here by Microsoft appears not to work:
http://msdn.microsoft.com/en-us/library/cc197955(v=vs.95).aspx
What is not made clear is that the secure setting defaults to true, so the example seems to work only for https connections. After much trial and error, I managed to get this to work:
<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="*" secure="false" />
  <allow-http-request-headers-from domain="*" headers="SOAPAction" secure="false"/>
</cross-domain-policy>
Note the secure="false" attributes. If you leave them out, they default to true.
The other point to note is that you MUST have domain="*". You cannot restrict by domain; you have to allow ALL domains access, which is not always what you want.
If you need to restrict access, you MUST use a clientaccesspolicy.xml file instead, in which you can restrict the domains, as described in the Microsoft link above.
For example:
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="SOAPAction">
        <domain uri="http://www.electricscribes.com"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>
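To compare how much each of the two files above exposes, here is an added example (not part of the original post) that audits either policy format and reports wildcard domains, secure="false" and whole-site grants. The function name audit_policy and the severity labels are assumptions of this example; the two embedded policies are the ones shown above.

```python
import xml.etree.ElementTree as ET

# The two policies shown on this page, embedded so the audit runs offline.
CROSSDOMAIN = """<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="*" secure="false" />
  <allow-http-request-headers-from domain="*" headers="SOAPAction" secure="false"/>
</cross-domain-policy>"""

CLIENTACCESS = """<?xml version="1.0" encoding="utf-8"?>
<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="SOAPAction">
    <domain uri="http://www.electricscribes.com"/>
  </allow-from>
  <grant-to><resource path="/" include-subpaths="true"/></grant-to>
</policy></cross-domain-access></access-policy>"""

def audit_policy(xml_text):
    """Return (severity, message) findings for either policy file format."""
    root = ET.fromstring(xml_text.strip())  # expat does not fetch the external DTD
    findings = []
    if root.tag == "cross-domain-policy":
        # Only the allow-* children grant anything; other elements are skipped.
        for el in (e for e in root if e.tag.startswith("allow-")):
            if "*" in el.get("domain", ""):
                findings.append(("high", f"{el.tag}: wildcard domain {el.get('domain')!r}"))
            if el.get("secure", "true").lower() == "false":
                findings.append(("medium", f"{el.tag}: secure=\"false\" relaxes the HTTPS-only default"))
            if el.get("headers") == "*":
                findings.append(("medium", f"{el.tag}: every request header allowed"))
    elif root.tag == "access-policy":
        for allow in root.iter("allow-from"):
            if allow.get("http-request-headers") == "*":
                findings.append(("medium", "allow-from: every request header allowed"))
            for dom in allow.iter("domain"):
                if "*" in dom.get("uri", ""):
                    findings.append(("high", f"allow-from: wildcard domain uri {dom.get('uri')!r}"))
        for res in root.iter("resource"):
            if res.get("path") == "/" and res.get("include-subpaths", "false").lower() == "true":
                findings.append(("low", "grant-to: whole site exposed, narrow path to the service"))
    else:
        raise ValueError(f"not a cross-domain policy file: <{root.tag}>")
    return findings

if __name__ == "__main__":
    for name, text in (("crossdomain.xml", CROSSDOMAIN), ("clientaccesspolicy.xml", CLIENTACCESS)):
        print(name, audit_policy(text))
```

Run against the two files above, the crossdomain.xml produces wildcard and secure="false" findings on both elements, while the clientaccesspolicy.xml only draws the low-severity note about granting the whole site.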
Good luck! Scribbles Out.