Cloud Zone is brought to you in partnership with:

Adam is an Evangelist for Windows Azure, working for Microsoft. By day, you can likely find him somewhere in the midwest, driving to yet another whiteboarding/deep-thinking session, ready to figure out how the cloud can save your family from certain doom, and make you rich and successful in the process. Before he started evangelizing, Adam was a Senior Developer Lead for Microsoft in Redmond, working on Office 365, BPOS, and Office Live. He misses Redmond, and the excitement of the mother ship, but the call of bitter cold and lots of snow in Chicago was too much for him, and he had to return. Lucky for you! When he's not evangelizing, he likes to spend time with his wife and kids, telling them how the cloud will benefit them as well. Adam is a DZone MVB and is not an employee of DZone and has posted 9 posts at DZone. You can read more from them at their website. View Full User Profile

Enabling Cross-Domain Access to Windows Azure Blobs from Flash Clients

  • submit to reddit

Here’s an interesting tidbit that came across my desk recently.  If you’re building applications with Adobe Flash and want to enable the use of Windows Azure for blob storage, you’ll need to be able to create a “cross-domain policy file” in order to get the Flash client to request blobs.

Why? Because the Flash client requires it. Specifically:

“For security reasons, a Macromedia Flash movie playing in a web browser is not allowed to access data that resides outside the exact web domain from which the SWF originated.” – Source: Cross-domain policy for Flash movies

So how does that relate to the use of Windows Azure Blob Storage from Flash applications?

Well, imagine this. You create a Flash application and host it on your site. It might even be a site hosted on Windows Azure, or maybe not.  Either way, the application itself has an “exact web domain from which the SWF originated”, as follows:

Hosting Platform Typical URL Originating Domain (as seen by Flash)
Non Windows Azure Host
Windows Azure Cloud Services, no custom CNAME
Windows Azure Cloud Services, with custom CNAME
Windows Azure Websites
Windows Azure Websites, Shared or Reserved Mode, with custom domain name

Now, here comes the problem.  When you access the Windows Azure Blob Storage, the domain that will be serving up your blobs is going to be a subdomain of (something like, and that doesn’t match up with _any_ of these domains here.  By default, Flash won’t let you access this domain, unless you are able to serve up a crossdomain.xml file from that domain.  This policy file is a little XML file that gives the Flash Player permission to access data from a given domain without displaying a security dialog.  When it resides on a server, it lets the Flash Player have direct access to data on the server, without the prompts for user access.  But since Windows Azure Blob Storage is an Azure service, that’s not possible, right?

As it turns out… it is possible.  You can actually host the crossdomain.xml file in the root container of your blob storage, and then simply ensure that the root container has public read access.  It looks like the following:

CloudBlobContainer cloudBlobContainer = cloudBlobClient.GetContainerReference("$root");
cloudBlobContainer.SetPermissions(new BlobContainerPermissions { PublicAccess = BlobContainerPublicAccessType.Blob }); 


Published at DZone with permission of Adam Hoffman, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)