Blog Elements

Half Sized Blog Element (Single Author Style)

Half Sized Blog Element (Multi Author Style)

General, Knowledge Base, PowerForms Siverlight

Network Security Access Restrictions in Silverlight

Cross-domain service access in Silverlight Silverlight uses services as its primary source of retrieving data across domain boundaries. To prevent applications from launching malicious attacks on web sites, Silverlight uses opt-in cross-domain access. A web site needs to be allowed to receive and respond to requests being made from a particular domain. This safe-guarding role […]

August 15, 2017/by Konstantinos

General, Knowledge Base, PowerForms Siverlight

Setup an audit mechanism

You can implement an auditing procedure for your data forms using the “After Update Post Url” property (Options tab). If you declare a web page in that property, a web post containing the action (preinsert, preupdate, predelete, postinsert, postupdate, postdelete) and a list of field name/field value pairs, will be made after each insert, update or […]

August 15, 2017/by Konstantinos

General, Knowledge Base, PowerForms Siverlight

Network Security Access Restrictions in Silverlight

August 15, 2017/by Konstantinos

General, Knowledge Base, PowerForms Siverlight

Setup an audit mechanism

August 15, 2017/by Konstantinos

Full Sized Blog Element (Big Preview Pic)

General, Knowledge Base, PowerForms Siverlight

Network Security Access Restrictions in Silverlight

Cross-domain service access in Silverlight

Silverlight uses services as its primary source of retrieving data across domain boundaries. To prevent applications from launching malicious attacks on web sites, Silverlight uses opt-in cross-domain access. A web site needs to be allowed to receive and respond to requests being made from a particular domain. This safe-guarding role is being undertaken by a clientaccesspolicy.xml file.

Suppose we have a Silverlight application hosted on http://sharepointSite.com/ (where the XAP file is deployed). This application has a service backend that retrieves data from http://sharepointService.com/. These are obviously located on two separate domains and we have a cross-domain issue. By default, this scenario will not work. We need to create a clientaccesspolicy.xml file on the http://sharepointService.com/ site that will allow calls from http://sharepointSite.com/. The file must be copied on the root of the site (http://sharepointService.com/clientaccesspolicy.xml). On IIS, we would simply copy the clientaccesspolicy.xml file on the root of our website (default IIS: c:\inetpub\wwwroot folder).

The clientaccesspolicy.xml file is located where the service is hosted. This is a very important point. The clientacesspolicy.xml NEEDS to be deployed on the server hosting the WCF service so that Silverlight can properly consume it.

Example clientaccesspolicy.xml file that grants all domains access:

Example clientaccesspolicy.xml file that grants access ONLY to sharepointSite.com:

Silverlight Policy File Format

• allow-from

Nested within this part of the policy lie all the domains/sites which are allowed access to Silverlight resources. All domains not listed in the policy will be denied access. If allow-from is left empty, then no sites will be allowed access.

• http-request-headers

By Default, no headers are allowed. Wildcard character “*” can be used to declare that all request headers can be sent. Example http headers: MyHeader, X-API-*

<allow-from http-request-headers=”MyHeader, X-API-*”>

• domain uri

E.g.

Used to list the domains that are allowed to access the Silverlight sources defined in the clientaccesspolicy.xml policy file.

The following types of wildcards are accepted:

1. Wildcard character ‘*’ can be used alone to declare that all connections are allowed from same Silverlight schemed applications hosted on any domain.

2. “http://*” accepts all connections from HTTP applications on any domain.

3. Port numbers can also be used to restrict access, defining that connections from the said port will only be allowed access.

4. ‘*.’ is defined as the sub domain wildcard option followed by the rest of the hostname. This will allow connections from Silverlight applications hosted on any sub domain of “sharepointSite.com “.

• grant-to

Defines the server’s resources affected by the policy.

• path, include-subpaths

It refers to a specific path that can represent a web service or a file.

“include-subpaths” specifies whether sub-paths of the defined resource path are allowed access. A “true” value will allow access to a designated path and any appended sub-paths. A “false” value will only allow a match to the exact path designated by the path attribute. The default value is false.

For the above resource path, these resources can be accessed from Silverlight HTTP applications hosted on any site:

/test#intro

/test?id=1

For the above resource path, these resources cannot be accessed:

/test/

/test.txt

/test/example

/test/example.txt

/test/example?id=1

/test/example#intro

/web

The Silverlight policy file for connections can also be used for sockets:

<socket-resource port=”4502-4506″ protocol=”tcp” />

August 15, 2017/by Konstantinos

General, Knowledge Base, PowerForms Siverlight

Setup an audit mechanism

You can implement an auditing procedure for your data forms using the “After Update Post Url” property (Options tab).

If you declare a web page in that property, a web post containing the action (preinsert, preupdate, predelete, postinsert, postupdate, postdelete) and a list of field name/field value pairs, will be made after each insert, update or delete action in the form.

For example if you write the following C# code in the audit page :

Code

string path = Server.MapPath(“.”) + “\\log.txt“;
System.IO.StreamWriter w = new System.IO.StreamWriter(path, true);

w.WriteLine(“###########################”);
foreach (string key in this.Request.Form.Keys)
{
w.WriteLine(key + ” = ” + Request.Form[key]);
}
w.Close();

Something like the following will appear in the log file:

Code

###########################
_action = postupdate
_user = administrator
ContentTypeId = 0x01000CE17A83B943CD42A44746C0A4C20AE7
Title = This is the Title
_ModerationComments =
LinkTitleNoMenu = This is the Title
LinkTitle = This is the Title
File_x0020_Type =
ID = 1
ContentType = Item
Modified = 2011-10-14 11:15:49
Created = 2011-10-14 10:55:42
Author = 1;#administrator
Editor = 1;#administrator
_HasCopyDestinations =
_CopySource =
owshiddenversion = 5
WorkflowVersion = 1
_UIVersion = 512
_UIVersionString = 1.0
Attachments = 0
_ModerationStatus = 0
Edit =
SelectTitle = 1
InstanceID =
Order = 100
GUID = {FFCB0333-0760-4E0D-A915-DB5ECFDCCF42}
WorkflowInstanceID =
FileRef = /ET/Lists/Departments/1_.000
FileDirRef = 1;#ET/Lists/Departments
Last_x0020_Modified = 2011-10-14 10:55:42
Created_x0020_Date = 2011-10-14 10:55:42
FSObjType = 0
PermMask = 0x7fffffffffffffff
FileLeafRef = 1_.000
UniqueId = a6b9763b-f0e3-438e-86fe-8f77932dc40f
ProgId =
ScopeId = {E98C719C-C0F4-4151-81BC-BDC753D63E62}
HTML_x0020_File_x0020_Type =
_EditMenuTableStart = 1_.000
_EditMenuTableEnd = 1
LinkFilenameNoMenu = 1_.000
LinkFilename = 1_.000
DocIcon =
ServerUrl = /ET/Lists/Departments/1_.000
EncodedAbsUrl = http://serverName/ET/Lists/Departments/1_.000
BaseName = 1_
MetaInfo =
_Level = 1
_IsCurrentVersion = 1

August 15, 2017/by Konstantinos