You should use cross-domain policy files when accessing third party web services. There are some ways to develop it; I explain a way that it can solve your problem.
Note1: The request
http://localhost:58993 is different with
http://xyz.com:4568 in security context.
Step 1: Create IPolicyRetriever interface
[ServiceContract]
public interface IPolicyRetriever
{
[OperationContract, WebGet(UriTemplate = "/clientaccesspolicy.xml")]
Stream GetSilverlightPolicy();
[OperationContract, WebGet(UriTemplate = "/crossdomain.xml")]
Stream GetFlashPolicy();
}
Step2 : Implement IPolicyRetriever interface in your service
public class Service1 : IService1, IPolicyRetriever
{
#region [ IPolicyRetriever Members ]
Stream StringToStream(string result)
{
WebOperationContext.Current.OutgoingResponse.ContentType = "application/xml";
return new MemoryStream(Encoding.UTF8.GetBytes(result));
}
public Stream GetSilverlightPolicy()
{
string result = @"<?xml version=""1.0"" encoding=""utf-8""?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers=""*"">
<domain uri=""*""/>
</allow-from>
<grant-to>
<resource path=""/"" include-subpaths=""true""/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>";
return StringToStream(result);
}
public Stream GetFlashPolicy()
{
string result = @"<?xml version=""1.0""?>
<!DOCTYPE cross-domain-policy SYSTEM ""http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"">
<cross-domain-policy>
<allow-access-from domain=""*"" />
</cross-domain-policy>";
return StringToStream(result);
}
#endregion
}
Note2: Tim Heuer describes another way in this video :
http://www.silverlight.net/learn/videos/all/how-to-use-cross-domain-policy-files-with-silverlight/