Hi everyone, I'm hoping someone can shed some light on a problem I'm having trying to get a simple webservice working over HTTPS.
The basic scenario is thus; I have a couple of web service components running on an IIS box which has been secured so that HTTPS access is required to get at the service components. My Flex app that uses the services uses HTTPService to access them. The website on which the services reside has HTTP and HTTPS channels open to the services and has a wide open crossdomain.xml file at its root: <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="all"/> <allow-access-from domain="*" to-ports="*" secure="true" /> <allow-http-request-headers-from domain="*" headers="*" secure="true" /> </cross-domain-policy> Now, when I hit the services via HTTP, all is well. When I try and hit them via HTTPS though, I get a fault event every time I try and access a service. Specifically, I get the fault string, 'Security error accessing url'. I've put a little test app together too that runs locally and simply tries to access one of the services. This throws the same error but gives me a little more in the console window, Error: Request for resource at https://myserver.co.uk/myservice.ashx by requestor from http://localhost/dev/HttpsTest-debug/HttpsTest.swf is denied due to lack of policy file permissions. *** Security Sandbox Violation *** Connection to https://myserver.co.uk/myservice.ashx halted - not permitted from http://localhost/dev/HttpsTest-debug/HttpsTest.swf I'm not sure where to go from here, as the policy file is permitting access isn't it? I've done a lot of looking around and have found a few suggestions that browser and header issues might be the cause but I don't think its down to that ... I've tried the big 3 browsers and behaviour is the same on them all. I'm running out of ideas now, and would like to ask if anyone knows where I might be going wrong here? Any help would be very much appreciated. Regards, Craig