An interesting question crossed my plate today: “why should I use a client access policy or cross domain policy on my server?” Having come from the server world, I had to remind myself repeatedly that the fundamental difference between Silverlight and ASP.NET is that Silverlight runs on the client, and ASP.NET runs on the server.
With this difference comes a difference in how each can access data. ASP.NET applications can use HttpWebRequest or call a web service that is not located on the same server. Since Silverlight runs on the client, it is a potential security risk for it to access data from a server other than the one the XAP originated from. Hence the introduction of the client access policy (it’s a standard practice for Flash). Briefly, create a file named clientaccesspolicy.xml with the XML content below, and your service/data is ready to be consumed by Silverlight.