As some of the feeds are placed under "/posts" (e.g.
http://channel9.msdn.com/posts/pdc2008/RSS/ ) could you add this to the clientaccesspolicy.xml file as well? This would enable access to this information from Silverlight applications.
Thanks
Klaus
-
Follow
Oops, something didn't work.
Sign In to be begin to follow this thread
What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in. You need to be signed in to Channel 9 to use this feature.Getting "follow" information
Start following this thread
What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in and view them all on your notifications page.Removing your "follow"
Setting up your "follow"
Did you know you can
sign up for email notifications?
-
-
Duncanma
"yeah that's awful close, but that's not why I'm so hard done by"
Actually I can't, although I do understand why you would want us to.
The danger of any client access policy is that it could be used to take an action on behalf of the user without their knowledge or permission. Assuming you have valid authentication cookies in place, a Silverlight app could send a http request to any allowed URL on Channel 9 and create a post, edit something, post a reply, etc....
That isn't a risk when we only allow access to /Feeds/RSS because that is completely a read-only path within our site, there is no ability to take any action at that location. If we opened up access to /posts/* for example though, then individual entries also fall within that path and the Silverlight app could create comments on your behalf. This would be solved if there was a more complex method of creating allowed paths within the client access policy file (something like regex or the simpler mapping syntax using in MVC routing), but as is we'd have to add a line to that file for each and every blog/show on our site. That isn't actually all that crazy, but I would definitely need to move the file to being a generated result instead of what it is right now, a static file. -
That's OK...Duncanma said:Actually I can't, although I do understand why you would want us to.
The danger of any client access policy is that it could be used to take an action on behalf of the user without their knowledge or permission. Assuming you have valid authentication cookies in place, a Silverlight app could send a http request to any allowed URL on Channel 9 and create a post, edit something, post a reply, etc....
That isn't a risk when we only allow access to /Feeds/RSS because that is completely a read-only path within our site, there is no ability to take any action at that location. If we opened up access to /posts/* for example though, then individual entries also fall within that path and the Silverlight app could create comments on your behalf. This would be solved if there was a more complex method of creating allowed paths within the client access policy file (something like regex or the simpler mapping syntax using in MVC routing), but as is we'd have to add a line to that file for each and every blog/show on our site. That isn't actually all that crazy, but I would definitely need to move the file to being a generated result instead of what it is right now, a static file.
So the issue is more that many of the RSS feeds that Channel 9 is publishing is not placed under /Feeds/* ?
It is not that important. I was just working with a small hobby project that could show the PDC 2008 videos more like the way it was done on the Mix08 web site, and I was blocked by having no access to the PDC 2008 rss feed.
Another example: If I was interested in all the post from Dan Fernandez the feed is http://channel9.msdn.com/Niners/Dan/RSS/ - and again (this time under /Niners/*) this is not directly accessible from Silverlight.
No harm done. I'll find way around it (maybe by putting up a webservice between the Silverlight app. and the feed) - or another hobby project
Keep up the good work. I really enjoy the site and all videos
Cheers
Klaus
Thread Closed
This thread is kinda stale and has been closed but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.