http://channel9.msdn.com/clientaccesspolicy.xml

Posted By: KlausRM | Mar 1st @ 2:37 PM
page 1 of 1
Comments: 2 | Views: 797
#Mar 1st @ 2:37 PM
KlausRM
KlausRM
As some of the feeds are placed under "/posts" (e.g. http://channel9.msdn.com/posts/pdc2008/RSS/ ) could you add this to the clientaccesspolicy.xml file as well? This would enable access to this information from Silverlight applications.

Thanks
Klaus
#Mar 1st @ 9:48 PM
Duncanma
Duncanma
Just Coding for Fun...
Actually I can't, although I do understand why you would want us to.

The danger of any client access policy is that it could be used to take an action on behalf of the user without their knowledge or permission. Assuming you have valid authentication cookies in place, a Silverlight app could send a http request to any allowed URL on Channel 9 and create a post, edit something, post a reply, etc....

That isn't a risk when we only allow access to /Feeds/RSS because that is completely a read-only path within our site, there is no ability to take any action at that location. If we opened up access to /posts/* for example though, then individual entries also fall within that path and the Silverlight app could create comments on your behalf. This would be solved if there was a more complex method of creating allowed paths within the client access policy file (something like regex or the simpler mapping syntax using in MVC routing), but as is we'd have to add a line to that file for each and every blog/show on our site. That isn't actually all that crazy, but I would definitely need to move the file to being a generated result instead of what it is right now, a static file.
#Mar 2nd @ 8:48 AM
KlausRM
KlausRM
That's OK...
So the issue is more that many of the RSS feeds that Channel 9 is publishing is not placed under /Feeds/* ?

It is not that important. I was just working with a small hobby project that could show the PDC 2008 videos more like the way it was done on the Mix08 web site, and I was blocked by having no access to the PDC 2008 rss feed.

Another example: If I was interested in all the post from Dan Fernandez the feed is http://channel9.msdn.com/Niners/Dan/RSS/ - and again (this time under /Niners/*) this is not directly accessible from Silverlight.

No harm done. I'll find way around it (maybe by putting up a webservice between the Silverlight app. and the feed) - or another hobby project Wink

Keep up the good work. I really enjoy the site and all videos Smiley

Cheers
Klaus
page 1 of 1
Comments: 2 | Views: 797
Microsoft Communities