This sample demonstrates how to consume the Access Control Service and the Service Bus Message Buffer API from a Silverlight application

This sample solution contains three projects:

  1. PolicyPublisher: A console application that publishes and deletes the Silverlight ClientAccessPolicy.xml for your namespace.
  2. MessageBufferClient: A Silverlight application that performs the following message buffer operations.
    1. Creates a message buffer
    2. Sends a message
    3. Retrieves a message
    4. Gets the message buffer policy
    5. Deletes the message buffer

  3. MessageBufferClientWeb: an ASP.NET host for the MessageBufferClient Silverlight application.

This solution requires that you have the Silverlight SDK and Silverlight tools for Visual Studio installed if you are using Visual Studio 2008. For Visual Studio 2010, you do not have to install any of these.

Same Origin Policy and Cross Domain Access

To interact with the Message Buffer, you must get a token from the appropriate Service Bus issuer.

Browsers and browser-side programming languages, such as Javascript, enforce a security policy called the same origin policy. This policy restricts cross domain calls; that is, it only allows code running in the browser to call back code that resides on the site (the host site) where the browser code was downloaded from, and does not allow browser code to call into code residing on a different site (the target site).

Cross domain access can be setup explicitly if the target site places a specific policy file at its root. For Silverlight this policy file is called ClientAccessPolicy.xml. A simple ClientAccessPolicy.xml appears as follows:

<?xml version=""1.0"" encoding=""utf-8""?>
<access-policy>
    <cross-domain-access>
        <policy>
            <allow-from http-request-headers="*" http-methods="*">
                <domain uri="https://*"/>
                <domain uri="http://*"/>
            </allow-from>
            <grant-to>
                <resource path="/" include-subpaths="true" />
            </grant-to>
        </policy>
    </cross-domain-access>
</access-policy>

For the Access Control Service, all service namespaces have the cross domain access set up by default. For the Service Bus, cross domain access must be explicitly enabled, as shown below.

The Silverlight Client Stack

Silverlight can be configured to use either the browser's HTTP stack or its own client stack. To use the services, you will be required to use the Silverlight client stack. This can be configured as follows:

if (!WebRequest.RegisterPrefix("https://", WebRequestCreator.ClientHttp))
{
    this.currentContext.Post(
        new SendOrPostCallback(this.DisplayCallback),
        new DisplayData(
            "Failed to register the HTTPS prefix with the Silverlight's client stack", true));
}

if (!WebRequest.RegisterPrefix("http://", WebRequestCreator.ClientHttp))
{
    this.currentContext.Post(
        new SendOrPostCallback(this.DisplayCallback),
        new DisplayData(
            "Failed to register the HTTP prefix with the Silverlight's client stack", true));
}

The X-MS-Authorization Custom HTTP Header

To program secured endpoints, requires that the Access Control token be passed in the Authorization HTTP header. However, Silverlight does not allow applications to write to the Authorization HTTP header. To work around this, the Services API has introduced the X-MS-Authorization HTTP custom header which behaves in the same way as the Authorization HTTP header.

 

Sample Flow

 

  1. After building the solution, open a command prompt window and go to the PolicyPublisher directory and run the PolicyPublisher executable as follows to publish the clientaccesspolicy file.

    Please enter the following info for uploading a clientaccesspolicy file:

    Service Namespace:<serviceNamespace>

    Issuer Name: <issuerName>

    Issuer Key: <issuerKey>

    Publish/Delete Policy file (publish/delete): publish

    Policy File Location: clientaccesspolicy.xml

    Requesting token from ACS

    Client Access policy published.

  2. Run the MessageBufferClient project (right-click the project and select “Debug” followed by “Start new instance”).

  3. This will start the Silverlight application in a browser. Note the fields that are present in the window, such as Issuer Name, Issuer Key, Service Namespace and Message Buffer Name. Fill in these fields with the details appropriate to your Windows Azure subscription. The Message Buffer Name is the name of the message buffer that you intend to create for this sample.
  4. After this information is entered, click the “Create” button, which will create the message buffer.
    Note that the textbox displays the output of this operation, as follows:

  5. Sending request to get token

    Retrieved token successfully

    Sending request to create message buffer

    <entry xmlns="http://www.w3.org/2005/Atom"><id>uuid:c2978a42-fafc-4ba0-819a-63b411fbe881;id=168</id><title type="text">mymbtest</title><updated>2010-06-09T22:31:52Z</updated><link rel="alternate" href="https://messagebufferuser.servicebus.windows.com/mymessagebuffer/"/><link rel="self" href="https:// messagebufferuser.servicebus.windows.com/mymessagebuffer/"/><link rel="head" href="https:// messagebufferuser.servicebus.windows.com/mymessagebuffer"/><content type="text/xml"><MessageBufferPolicy xmlns="http://schemas.microsoft.com/netservices/2009/05/servicebus/connect" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><ExpiresAfter>PT5M</ExpiresAfter><MaxMessageCount>10</MaxMessageCount></MessageBufferPolicy></content></entry>


    The application first requests a token from ACS and successfully gets a token from ACS. Then, it sends a request to ServiceBus with this token to create a message buffer and the message buffer is successfully created. The policy of the message buffer just created is also displayed in the output.

  6. Now, click the “Send” button to send a message to the message buffer created in step 4.

    Note that the textbox displays the output of this operation, as follows

    Sending request to get token.

    Retrieved token successfully Sending request to send message: <msg> This is a test message, Timestamp: 6/21/2010 7:00:01 PM

    Message Buffer Operation successful


  7. Click the “Retrieve” button to retrieve the message sent in step 5. Note that the textbox displays the output of this operation, as follows:

    Sending request to get token

    Retrieved token successfully

    Sending request to retrieve message

    This is a test message, Timestamp: 6/21/2010 7:00:01 PM

    The application first obtains a token from ACS. Then, it sends a request to the Service Bus with this token to retrieve a message from the message buffer and the message is successfully retrieved and content of the message is displayed as well.

  8. Similarly, click the “GET” button to retrieve the policy of the message buffer created in step 4.

    The textbox displays the contents of the policy of the message buffer after it is successfully retrieved from the Service Bus.

  9. Finally, click the “DELETE” button to delete the message buffer created in step 4.

  10. To delete the policy file which was published in step 1, run the PolicyPublisher executable as follows, to delete the clientaccesspolicy file.

    Please enter the following info for uploading a clientaccesspolicy file:

    Service Namespace: <serviceNamespace>

    Issuer Key: <issuerKey>

    Publish/Delete Policy file (publish/delete): delete

    Requesting token from ACS

    Client Access policy published.

 



Did you find this information useful? Please send your suggestions and comments about the documentation.