I hit a little gotcha today when using Silverlight to talk to a Service. My solution has a separate web and wcf projects. So, without thinking, it didn’t suprise me that the Silverlight app running in the web site moaned about security when trying to talk to the service (http://projects.nikhilk.net/WebDevHelper is a great add-in for IE if you want to inspect the http requests on a development machine). So I placed a clientaccesspolicy.xml in the service and everything worked fine. Later it struck me that in this instance (for various reasons) the service should actually exist in the web site rather than a separate project. So I moved the service over and didn’t bother to move the policy file, after all I will no longer be going cross-domain. So I was initially puzzled as to why I was getting the security faults again. The problem stems from my use of a virtual directory on my dev machine. So my web site is at something like; myBox.myCompany.com/devSite/default.aspx. However, when Silverlight looks for the domain policy it looks for at the root of the domain so; myBox.myCompany.com and unsurprisingly it cannot find the policy file there. So I just had to copy the file to the root of default site and everything was fine.