
What security does Silverlight's clientaccesspolicy add?

Yesterday I got a question from a colleague about Silverlight's crossdomain access policy mechanism. I've not used it before, so I read up a bit on it. I think that I do understand how to configure it, but I don't understand the security implications.

If I for example have the following setup:

  • http://somesite.com/html-hosting-silverlight-app.html
  • http://somesite.com/silverlight-app.xap
  • http://othersite.com/service.svc
  • http://othersite.com/clientaccesspolicy.xml

In this case the clientaccesspolicy of othersite can enable the silverlight-app at somesite to use the othersite.com/service.svc service. According to MSDN this is an assurance of the service that it is safe:

By opting-in, a service states that the operations it exposes can safely be invoked by a Silverlight control, without potentially damaging consequences to the data that the service stores.

What I don't understand is how this provides any real security benefit. The service is just another soap service, which can be called from any soap client, using any crafted call parameters. If I fire up wcftestclient against http://othersite/service.svc I can just bypass the clientaccesspolicy.xml and do whatever I want.

So, what security does the clientaccesspolicy.xml really add?


It's to prevent Cross Site Request Forgery where a malicious Silverlight application can perform actions on behalf of the user. Having a properly configured clientaccesspolicy.xml ensures that the request comes from a trusted Silverlight application.

As far as invoking the service directly, normally methods that modify resources on the server should be protected with authentication to ensure that only authorized users can invoke them.

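As an added illustration (not part of the question or the answer, and not Microsoft's implementation), a small Python checker that reads a clientaccesspolicy.xml the way a reviewer would: which origins it lets call which paths on the service host, and which settings are broader than the opt-in is meant to be. The two policies are constructed samples, and the domain-matching rules are a simplified reading of the Silverlight policy format.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed samples: a wide-open policy and one scoped to somesite.com.
PERMISSIVE_POLICY = """<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="*"><domain uri="*"/></allow-from>
  <grant-to><resource path="/" include-subpaths="true"/></grant-to>
</policy></cross-domain-access></access-policy>"""
SCOPED_POLICY = """<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="SOAPAction"><domain uri="http://somesite.com"/></allow-from>
  <grant-to><resource path="/service.svc" include-subpaths="false"/></grant-to>
</policy></cross-domain-access></access-policy>"""

def _domain_matches(pattern, origin):
    # Simplified <domain uri> rules: "*", "http://*", "http://*.host", or an exact origin.
    if pattern == "*":
        return True
    p, o = urlsplit(pattern), urlsplit(origin)
    if p.scheme != o.scheme:
        return False
    if p.netloc.startswith("*"):  # "*" or "*.host": suffix match on the host
        return o.netloc.endswith(p.netloc[1:])
    return p.netloc == o.netloc

def _path_matches(resource, path):
    base = resource.get("path", "/")
    if resource.get("include-subpaths", "false").lower() == "true":
        return path == base or path.startswith(base.rstrip("/") + "/")
    return path == base

def is_allowed(policy_xml, origin, path):
    """True if any <policy> lets a Silverlight app served from `origin` call `path`."""
    for policy in ET.fromstring(policy_xml).iter("policy"):
        if any(_domain_matches(d.get("uri", ""), origin) for d in policy.iter("domain")) \
           and any(_path_matches(r, path) for r in policy.iter("resource")):
            return True
    return False

def weaknesses(policy_xml):
    """Settings a reviewer should question: any origin, any header, the whole site."""
    found = set()
    for policy in ET.fromstring(policy_xml).iter("policy"):
        if any(d.get("uri") == "*" for d in policy.iter("domain")):
            found.add("any origin allowed")
        if any(a.get("http-request-headers") == "*" for a in policy.iter("allow-from")):
            found.add("all request headers allowed")
        if any(r.get("path") == "/" and r.get("include-subpaths", "").lower() == "true"
               for r in policy.iter("resource")):
            found.add("entire site granted")
    return sorted(found)
```

The checker only models the browser-side gate the answer describes; a direct SOAP client never consults this file, so the server-side authentication the answer mentions is still what protects state-changing methods.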
