How do you create/obtain a cross domain policy for an iis7 wcf service? - wcf

The missing link in my IIS7 + Silverlight 3.0 + WCF Service app is the cross domain policy. Are there any instructions on how to create/obtain such a policy? I understand that there are two XML files that need to go in the web root of the app. What do I put in them, how do I format them, does some template exist which indicates which fields need to be filled in? Are there instructions somewhere on MSDN which explain how to do this? I'm just about out of possible terms to query Google with, any pointers would be appreciated.
Thanks,
Brian

Silverlight looks for clientaccesspolicy.xml (which is specific to Silverlight); if that's not found, it will fall back on crossdomain.xml, which can also be used by Flash, for instance. You only need one of those (sockets only work with clientaccesspolicy.xml, but WebClient and HTTP work with both).
Let's stick with clientaccesspolicy.xml for now since there are fewer caveats and the crossdomain.xml support was only added to catch up with Flash, since public services like Flickr already have one.
The DTD including description for clientaccesspolicy.xml is at this page on MSDN.
This basic example should get you started:
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from>
        <domain uri="*"/> <!-- Allows calls from every domain -->
      </allow-from>
      <grant-to>
        <resource path="/api" include-subpaths="false"/> <!-- Only allows domain/api? to be called nothing else including api.txt, api/foo etc... -->
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>

Well, I think this might be the answer, but other answers are certainly welcome for discussion, esp. since we can't close the thread yet anyway...
http://timheuer.com/blog/archive/2008/04/06/silverlight-cross-domain-policy-file-snippet-intellisense.aspx

Related

Error 404 calling WCF Service from Sonic ESB

We have a WCF Service that is working fine, there are 4 customers using this service without problems, but I have this one customer who is complaining that he can't call the webservice anymore for the last few days.
We did not change anything since October and he also claims he did not change anything.
As I said, I have other customers using this service just fine and we also can call the service from SOAP UI. We even tried to create a new isolated machine in AWS and call the service in order to make sure it is not something like a firewall issue blocking the communication from outside our network.
For what I can see from the stack trace he sent me, this customer uses Sonic ESB to call our service. I really don't understand how Sonic ESB works but my guess is that the error is caused by Sonic ESB, not my service. It is like it creates an "adapter" in between his application and my service.
Which led me to the following conclusion:
1) Looking at his request XML (he sent me) I can see that it does not match the WSDL I have provided, for instance:
(I have changed few names and values for obvious reasons)
<CreateOrderGatewayCompanyName> --> This would be just CreateOrderGateway
  <header> --> this header seems specific to Sonic ESB, nothing to do with us
    <user>123414714</user>
    <idProcess>5411251</idProcess>
    <channel>EB</channel>
    <ip>[ip number here]</ip>
    <sessionId>1fd5a3f4d8f4dsa5f4dsaf4dsf1da5.xyz</sessionId>
  </header>
  <body>
    <idCampania>xyz</idCampania> --> This would be "CampaignId"
    ...
    <order>
      ...
      <fecha>2016-12-21</fecha> --> This would be "Date"
      ...
    </order>
  </body>
</CreateOrderGatewayCompanyName>
So I can only conclude that somewhere in the process, the ESB will convert this weird XML in the proper SOAP request format my service is expecting.
2) Looking at the exception stack trace he sent me, I can see this 404 error:
<?xml version="1.0" encoding="UTF-8"?>
<exception xmlns="http://www.sonicsw.com/sonicesb/exception">
<message>Exception while retrieving soap envelope from response:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Not Found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Not Found</h2>
<hr><p>HTTP Error 404. The requested resource is not found.</p>
</BODY></HTML>
</message>
<class>com.sonicsw.xqimpl.invkimpl.wsif.providers.axissoap.SoapProviderInvocationException</class>
<detail/>
<stackTrace><![CDATA[org.xml.sax.SAXParseException: White spaces are required between publicId and systemId.
at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source)
...
And here is the thing, this 404 HTML code that he is getting as a response DOES NOT come from my server because we use IIS 8.5 and the 404 error page of IIS does not look like this one, the HTML is different and the message is different as well. It would be something like:
“404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed,..”
So does anyone know if this Sonic ESB actually creates an adapter or proxy in the middle of the applications? And if someone has already experienced an error like this, what would be the cause? I'm 100% positive my service is working fine.
Did your customer send the actual SOAP request that is being sent?
He can enable the actual webservice invocation (the easiest way is to do it from the admin console).
http://knowledgebase.progress.com/articles/Article/S6498
After knowing the exact soap request that it is being sent, it will be easier to debug.
Also I recommend that you enable for some minutes the traces of requests in your server when he tests to discard that any other modifications are done in the middle.
It turns out that a network trace (wireshark) on my server revealed that my customer's proxy was modifying the "Host" of the request, for instance, instead of
Host: ourdomain.com
It was modified like
Host: proxy.customer.com:8080
So when this request arrived at the IIS server, the binding was configured to "ourdomain.com" and then it dropped the request. For some weird reason, a guy named "Microsoft HTTPAPI" returned the reply with that 404 error page my customer was getting on their application.
So we have fixed the problem by changing our IIS bindings because I don't want to wait for my customer to investigate what the hell his proxy is doing with the host name.

Securing Kentico Media Library file from direct URL access

I am trying to prevent unauthorized access to all files within some of my media libraries in Kentico v9.0. I intend to only provide access to certain libraries via Kentico Role membership and global admins only.
I have followed the guide published here: Securing media libraries and it seems to work fine: Direct URL path access results in a 401.2 - Unauthorized message, regardless of user authentication state and role membership. And I have a media gallery web part set up correctly to provide the permanent URLs, which also work as I expect them to.
However, I have another requirement; which is to serve up a ~/googlesitemap.xml file. I followed the guide published here: Google Sitemaps, which instructs me to provide an attribute to the system.webServer/modules node in the web.config:
<modules runAllManagedModulesForAllRequests="true">
...
</modules>
However, when I add the above, then any authenticated user can gain access to my media library files if they enter the full URL. This violates my attempts at media library access based on role membership, since I don't want users in other roles to be able to get at the files.
I have tried to exclude all media library files from the re-writing engine by adding my media folder root as an Excluded URL in Settings > URLs and SEO > URL Format > Excluded URLs... but this doesn't appear to help.
Any suggestions would be highly welcome!
As far as I know runAllManagedModulesForAllRequests attribute is mandatory only for different extensions (different from .aspx). If you are using IIS 7 or above you can omit this attribute in your web.config (see source).
Note: In ASP.NET websites, the value of runAllManagedModulesForAllRequests previously had to be set to true to support routing. However, once IIS 7 has been updated with a Service Pack, the value of runAllManagedModulesForAllRequests can be set to false or omitted when working with ASP.NET routing. For more information, see ASP.NET Routing on the MSDN website.
So quick fix: Do not add this attribute to web.config and your media gallery (permissions) should work as you wish.
EDIT: So I think I have got a solution for you. It seems that the runAllManagedModulesForAllRequests attribute kills the Anonymous Authentication setting, so Kentico serves data after successful authentication. I've found a workaround so you can forbid access to the media library. Try to add something like:
<location path="MySite/media/MyMediaLibrary">
  <system.web>
    <authorization>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
into your web.config inside configuration section.

Why Do I need Dash.js for streaming MPEG DASH videos?

I'm new to HTML5 adaptive streaming and the information out there is quite conflicting. I want to create a test environment on my Windows server cloud streaming a 2-hour h264 file and play it on my local computer with an HTML5 player.
Question:
Why Do I need Dash.js to play the Mpeg dash video?
Is Dash.js something I have to install in the server(sounds obvious) or client(sounds weird)?
DASH videos, like any other videos, involve two parts: a server serves the videos and a player consumes them and presents them to the user. I will explain what is needed on both sides.
Serving DASH videos
Pieces of DASH videos can be delivered over HTTP or HTTPS by any modern web server - Apache, nginx, IIS and others. No plugin or additional software is needed on the server side to serve DASH videos - they are just files and every web server knows how to serve files. You may need to do some configuration, however.
Most web servers have a list of MIME types of the files they are allowed to serve - you do usually need to add DASH videos to this list, since the default settings tend to be restrictive for security reasons and do not allow DASH videos to be streamed.
Here is an example web.config for IIS that allows DASH videos to be served:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <staticContent>
      <remove fileExtension=".m4s" />
      <mimeMap fileExtension=".m4s" mimeType="video/mp4" />
      <remove fileExtension=".mpd" />
      <mimeMap fileExtension=".mpd" mimeType="application/dash+xml" />
      <remove fileExtension=".m4f" />
      <mimeMap fileExtension=".m4f" mimeType="video/mp4" />
      <remove fileExtension=".m4a" />
      <mimeMap fileExtension=".m4a" mimeType="video/mp4" />
    </staticContent>
  </system.webServer>
</configuration>
The different video/mp4 elements are there since different DASH encoders name their files differently.
Some DASH players, especially web-based ones, may also require the server to support cross-origin resource sharing (CORS). This is a security mechanism that helps prevent malicious websites from operating by enabling you to choose what sites your content can be displayed on. The exact CORS headers your server needs to provide also depend on the player - in some situations, additional headers are used and must be explicitly enabled. I will leave the details of CORS out of scope of this answer. Here is a simple example IIS configuration that allows any website to consume the served videos:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>
Playing DASH videos
You need a player, obviously. There exist different types of players: stand-alone desktop apps (e.g. VLC), player SDKs for Android/iOS apps (e.g. ExoPlayer and Microsoft PlayReady Client SDK) and players for websites (e.g. dash.js and Bitdash). On Windows 10, Internet Explorer will even include a built-in player for DASH videos.
This is where dash.js comes in - it is a player. You put it in your website if you want your website to play videos. There are also different players available.
Depending on how you wish to offer content to the end-user you choose a player and, if not a stand alone player, embed it into your app or website. You provide the URL to the player and it will do its thing. Simple.
Website-based players require the server to support CORS but stand-alone or app-hosted players do not require it.
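A check that can be run over a web.config before deployment, added here as an example and not taken from any of the posts: it flags the wildcard Access-Control-Allow-Origin header from the answer above and, following the observation in the Kentico thread, reports protected folders that have no deny-all location rule while runAllManagedModulesForAllRequests is on. The function names, the sample file and its paths are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed web.config that combines the fragments quoted in the two
# answers; the site and library paths are hypothetical.
WEB_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <location path="MySite/media/MyMediaLibrary">
    <system.web>
      <authorization><deny users="*"/></authorization>
    </system.web>
  </location>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>"""


def norm(path):
    """Compare paths without leading/trailing slashes and without case."""
    return path.strip("/").lower()


def audit_web_config(xml_text, protected_paths):
    """Flag wildcard CORS and protected folders without a deny-all rule."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings = []
    for add in root.iterfind("system.webServer/httpProtocol/customHeaders/add"):
        if add.get("name", "").lower() == "access-control-allow-origin" \
                and add.get("value") == "*":
            findings.append("CORS header allows every origin")
    all_requests = any(
        m.get("runAllManagedModulesForAllRequests", "").lower() == "true"
        for m in root.iterfind("system.webServer/modules"))
    # Paths of <location> blocks that deny every user.
    denied = {norm(loc.get("path", "")) for loc in root.iterfind("location")
              if any(d.get("users") == "*"
                     for d in loc.iterfind("system.web/authorization/deny"))}
    if all_requests:
        for path in map(norm, protected_paths):
            # A location rule also covers everything beneath its path.
            if not any(path == d or path.startswith(d + "/") for d in denied):
                findings.append(f"no deny-all location rule covers {path}")
    return findings


if __name__ == "__main__":
    for finding in audit_web_config(WEB_CONFIG, ["MySite/media/Other"]):
        print(finding)
```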
Why you need dash.js for streaming MPEG-DASH videos
You need it because web browsers do not natively support DASH, as they are not required to do so. Web browsers are, however, required to support Media Source Extensions (MSE). For (newer) browser versions that do implement MSE, their 'basic' supported media sources like MP4 can be supplemented by DASH simply by inclusion of Javascript libraries like dash.js. This is much more flexible (and future-proof) than the older routine of requiring users to install plugins like Flash Player to play non-basic media types.
Client-side setup
You also asked whether dash.js is something that needs to be installed server-side or client-side. Sander has written about any server-side setup that may be necessary to accommodate serving the files, so I'll add an explanation of how to implement it client-side.
From the dash.js GitHub page:
<script src="http://cdn.dashjs.org/latest/dash.all.min.js"></script>
...
<style>
    video {
        width: 640px;
        height: 360px;
    }
</style>
...
<body>
    <div>
        <video data-dashjs-player autoplay src="http://dash.edgesuite.net/envivio/EnvivioDash3/manifest.mpd" controls></video>
    </div>
</body>
Note that if you want to do Clear Key encryption too, you'll need to serve both the video file and dash.all.min.js from a secure context (e.g. TLS). And if you want to use XHTML format rather than HTML, you'll need to add ="true" after each boolean property on the <video> element.

Create Registration form in Mule

I am a newbie to MuleESB. I want to create a registration form using Mule but I am stuck.
I don't know how to display index.jsp on start-up of your application. I have already gone through the BookStore example but couldn't get sufficient information.
I created a web.xml under src->main->app->webapps->WEB-INF->web.xml
<web-app....>
  <listener>
    <listener-class>org.mule.config.builders.MuleXmlBuilderContextListener</listener-class>
  </listener>
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
</web-app>
Any Help or suggestions.
You're missing a web application context directory under: src->main->app->webapps->WEB-INF->web.xml, ie you should have something like: src->main->app->webapps->my-context->WEB-INF->web.xml.
Follow the BookStore example carefully and you should have no difficulty reaching your goal.

Silverlight cross-scheme access to jpegs denied

I've got a Silverlight4 app that I'm running on https, deployed to Azure. Everything's working except for one small glitch. I've got content in the form of jpg thumbnails and associated zip files with a .gld extension. My app is supposed to display the thumbnails, and allow the users to download the associated .gld/zip files.
The downloads works fine, but, the thumbnails won't display in my UI. I get AG_E_NETWORK_ERROR from my ImageFailed handler. I do have a clientaccesspolicy.xml file in the root of my cdn domain. Fiddler does not show Silverlight accessing this file.
Here's the clientaccesspolicy.xml:
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from>
        <domain uri="*"/>
        <domain uri="http://*"/
        <domain uri="https://*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true" />
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>
I'm stumped as to how Silverlight can access the downloadable content, but not the image files. The app does pick up the thumbnails if I deploy them to blob storage in azure (with the same clientaccesspolicy.xml file in the $root folder), but it would be ideal if I can continue the same file structure that already exists on my cdn provider.
Everything displays perfectly if the Silverlight app runs in http rather than https.
Thanks in advance for any ideas!
Michael Conner
Thanks for all the suggestions - have tried them all -- still no luck, sadly. The ImageFailed event for bitmap doesn't give much detail, unfortunately. I think we may be up against the cross-scheme restriction on image files.
You are missing a ">" in line 7.
Check the uri used in fiddler or the like, check images are using https
try to implement more debug output - maybe like this:
You can trap the error. BitmapImage, Image, ImageBrush, MultiScaleImage all have an ImageFailed event. Just set an event handler to it.
or try this:
<allow-from http-request-headers="*">
I know it's a very old question but if someone is still stuck in a similar situation
Silverlight does not allow cross scheme access. You will have to have either http on both ends or https. From MSDN : URL Access Restrictions in Silverlight
If you want to host your Silverlight application and store your
images on different servers, the restrictions are as follows: You
cannot store your images on a site that uses the HTTPS scheme if you
are hosting your application on an HTTP site (cross-scheme).
You can store your images on a cross-domain site as long as the
scheme of that cross-domain site is the same as the scheme of the
site hosting your application.
Silverlight applications running on Windows cannot store images on a
server in the Local Intranet zone if the application was downloaded
from the Internet zone (cross-zone), except if the target domain is
localhost.
You can redirect to another image URL as long as the URL uses the
same scheme.
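
An added example, not part of any post on this page: a small audit of clientaccesspolicy.xml files that covers both policies quoted above, the `/api` policy from the first answer and the CDN policy from this question (kept with its unclosed `<domain>` tag). It reports malformed XML, wildcard `allow-from` entries and a grant on the whole site; the function name, constants and finding texts are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

WILDCARD_URIS = {"*", "http://*", "https://*"}

# Constructed sample: the policy from the first answer on this page.
API_POLICY = """<?xml version="1.0" encoding="utf-8"?>
<access-policy><cross-domain-access><policy>
  <allow-from><domain uri="*"/></allow-from>
  <grant-to><resource path="/api" include-subpaths="false"/></grant-to>
</policy></cross-domain-access></access-policy>"""

# Constructed sample: the CDN policy from the last question, keeping the
# unclosed <domain> tag that one reply points out.
CDN_POLICY = """<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
<domain uri="http://*"/
<domain uri="https://*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true" />
</grant-to>
</policy>
</cross-domain-access>
</access-policy>"""


def audit_policy(xml_text):
    """Return a list of findings for one clientaccesspolicy.xml document."""
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:
        # A file that does not parse cannot be evaluated any further.
        return [f"malformed XML: {exc}"]
    findings = []
    for policy in root.iter("policy"):
        for allow in policy.iter("allow-from"):
            if allow.get("http-request-headers") == "*":
                findings.append("allow-from permits every request header")
            for domain in allow.iter("domain"):
                if domain.get("uri") in WILDCARD_URIS:
                    findings.append(
                        f"allow-from {domain.get('uri')} admits any calling site")
        for res in policy.iter("resource"):
            subpaths = res.get("include-subpaths", "false").lower() == "true"
            if res.get("path") == "/" and subpaths:
                findings.append("grant-to exposes the whole site (path '/' with subpaths)")
    return findings


if __name__ == "__main__":
    for name, text in (("api", API_POLICY), ("cdn", CDN_POLICY)):
        print(name, audit_policy(text))
```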