Your Privacy Matters: We use our own and third-party cookies to improve your experience on our website. By continuing to use the website we understand that you accept their use. Cookie Policy
103
openstreetmap and https
posted

I am trying to use the SL xammap control with the built in openstreetmap tile source...

Everything works correctly in development but when publishing to the IIS6 server, the SL client will not display the map.

The site is configured to use SSL+128 bit encryption in IIS. If I swich this off and reload the SL app using the http:// address (instead of https:// ) it renders the map tiles correctly.

What am I doing wrong? I'm still learning on my feet here, is it an IIS setting or a web.config setting maybe?

 

  • 30692
    Suggested Answer
    Offline posted

    I think you are having problems due to the cross-scheme access. Your Silverlight application was fetched using the HTTPS scheme, and you are trying to talk to OpenStreetMap using the HTTP scheme, which Silverlight is denying, I presume, due to the security violation of your more secure zone trying to talk to a less secure zone. It's possible you may be able to allow this behavior in the ClientAccessPolicy, but I suspect it doesn't let you allow calling from a secure zone to a less secure zone, only the other way around (but I could be wrong about this ;-) )

    One approach would be to proxy the requests for the map tiles on your server using an HTTPS enpoint, but this would obviously increase your bandwidth burden on your server, since you would be piping the map images from OpenStreetMap.

    Another approach would be to see if any of our supported tile source providers have an HTTPS service you can use rather than an HTTP service.

    Yet another approach is to examine your SSL usage. Why do you need the SSL for the silverlight application? Could only the secure parts of the application elevate to SSL, or does the user need to see the HTTPS in the browser address bar? This is a common issue to address when a map is displayed in an HTTPS site, and I believe some approach it by having multiple iframes where some of the content of the page is secure and some is insecure (something most sensible browsers generate a warning about, by the way). In this way, it may be possible to host multiple silverlight applications on a page in different security zones. But you would want to investigate further along these lines.

    Hope this info helps! let me know if you have any questions.

    -Graham