ArcGIS Server and Lucity Web are on different servers

The Lucity web map uses Microsoft’s Silverlight technology. When the ArcServer machine that hosts the map services is separate from the web server that hosts the Lucity website, access needs to be granted to the web server so that the Silverlight webmap can use the map services.

Clients who want to use this map application will need to implement some policy files on the server where the map services are hosted to permit Silverlight to access the map services. This is done using one or two files installed in the wwwroot directory of the web server. These files are CrossDomain.xml and ClientAccessPolicy.xml. These policy files are shared with Adobe’s Flash player so it is possible that the files may already be configured if any Adobe content is currently accessed on the web server where the map services are hosted. Silverlight will always first attempt to download and check for a ClientAccessPolicy file. If it cannot find the ClientAccessPolicy file, it will look for a CrossDomain.xml file.

How To

1. Create one or both of these files by copying one of the examples below.
2. Save it (them) to the wwwroot directory or the root of the website where ArcServer map services and geocoding services are hosted. For example:
   • If Arc Server Manager is installed to c:\inetpub\wwwroot\ArcGIS\Manager the files will go in c:\inetpub\wwwroot
   • If Arc Server Manager is installed to c:\inetpub\gisroot\ArcGIS\Manager the files will go in c:\inetpub\gisroot

• This is an example of a ClientAccessPolicy.xml file that allows traffic from any domain/site:

  <?xml version="1.0" encoding="utf-8"?>

  <access-policy>

  <cross-domain-access>

  <policy>

  <allow-from http-request-headers="*">

  <domain uri="*"/>

  </allow-from>

  <grant-to>

  <resource path="/" include-subpaths="true"/>

  </grant-to>

  </policy>

  </cross-domain-access>

  </access-policy>

• This is an example of a ClientAccessPolicy.xml file that allows traffic from http://www.mysite.com

  <?xml version="1.0" encoding="utf-8"?>

  <access-policy>

  <cross-domain-access>

  <policy>

  <allow-from http-request-headers="*">

  <domain uri="http://www.mysite.com"/>

  </allow-from>

  <grant-to>

  <resource path="/" include-subpaths="true"/>

  </grant-to>

  </policy>

  </cross-domain-access>

  </access-policy>

• This is an example of a ClientAccessPolicy.xml file that only allows traffic from an intranet web server with the name "Norway"

  <?xml version="1.0" encoding="utf-8"?>

  <access-policy>

  <cross-domain-access>

  <policy>

  <allow-from http-request-headers="*">

  <domain uri="http://Norway"/>

  </allow-from>

  <grant-to>

  <resource path="/" include-subpaths="true"/>

  </grant-to>

  </policy>

  </cross-domain-access>

  </access-policy>

• This is an example of a CrossDomain.xml file that allows traffic from any website (on any web server) from Adobe or Silverlight to access resources on the website

  <?xml version="1.0"?>

  <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

  <cross-domain-policy>

  <allow-http-request-headers-from domain="*" headers="*"/>

  </cross-domain-policy>