In today’s article, we’re looking at cross-domain access to a service in Silverlight 4’s trusted applications.
As you may know, when accessing any service located in a domain different from the one in which the Silverlight application itself is hosted, Silverlight will check for a cross domain file being in place. Cross-domain policies prevent Silverlight applications to connect with services that are not in the same domain. However, a service can opt-in to be connected to if at the root of the domain, a cross-domain policy file has been deployed. Silverlight will check for its existence (the file should be named clientaccesspolicy.xml or crossdomain.xml, which is the cross-domain file of Flash) and if found, Silverlight will connect in a cross-domain manner.
Services such as Twitter and Facebook do not deploy this file anymore. Flickr does, meaning that we can connect to Flickr from a client-side Silverlight application. If we want to connect with Twitter from Silverlight, we have to create a service within the same domain as where the Silverlight application is hosted. This service can then communicate with Twitter and Silverlight can communicate with our service.
In Silverlight 4, the notion of trusted applications was added (we looked in this blog series already to some other concepts available when running a trusted application such as COM interop and local file access). If a Silverlight application is running as a trusted application, it can perform cross-domain calls, without there needing to be a cross domain policy file in place. That means that we can build a Twitter client as a trusted Silverlight application without having to build an extra service layer in between.
In the sample I have built for this post, I’m doing exactly that. Below is a screenshot. The UI of the application contains a templated ListBox. Note that the application is running OOB as a trusted application.
The code for this application is quite easy. It’s the same code we would write to access a “local” service, meaning a service in the same domain. Below is the code to access Twitter, an asynchronous web service call using the WebClient class.
public void GetPublicTimeLine()
string publicTimeLine = "http://twitter.com/statuses/public_timeline.xml";
WebClient client = new WebClient();
client.DownloadStringCompleted += new DownloadStringCompletedEventHandler
client.DownloadStringAsync(new Uri(publicTimeLine, UriKind.Absolute));
void client_DownloadStringCompleted(object sender, DownloadStringCompletedEventArgs e)
XDocument document = XDocument.Parse(e.Result);
twitterData = (from status in document.Descendants("status")
select new Tweet
Message = status.Element("text").Value.Trim(),
User = status.Element("user").Element("name").Value.Trim()
PublicTimeLineListBox.ItemsSource = twitterData;
This code is executed when a user clicks on the “Load Twitter Messages” button at the top. We do perform a check to see if the application is running OOB and is running with elevated permissions.
private void LoadTwitterButton_Click(object sender, RoutedEventArgs e)
if (Application.Current.IsRunningOutOfBrowser &&
//it's OK to access Twitter services cross domain now
Tomorrow, we will look at extending this sample by allowing to send credentials to Twitter to access personalized streams of tweets.
The complete sample can be downloaded here.SLTrustedTwitter.zip (269 KB)