Azure: Crossdomain.xml inside root of blob storage.

My recent Azure adventures are working with a Flash client as the front end, which meant the need to implement a crossdomain.xml file to allow the Flash client to connect to my site.

What is Cross-Domain?

A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player or Silverlight permission to handle data across domains. When a client hosts content from a particular source domain and that content makes requests directed towards a domain other than its own, the remote domain  needs to host a cross-domain policy file that grants access to the source domain, allowing the client to continue  the transaction.

And in Azure this is all fine for the hosted service/site. You can just create the xml file within your site and you’re ready to rock and roll.

The problem

The same thing must be done on your Blob storage account to allow your web client to access videos or other assets that are hosted in your Blob storage. From initial looks at how Blob storage works, which requires a container to place files/blobs into. But after a little digging I got to the root (hehe) of the solution.

By creating a container called “$root” this mimics the root directory and as far as a web client is concerned. It exists within the root of your blob storage URI (or whatever the URI of the CNAME you have pointed to your blob storage).

The solution

I like to setup everything necessary in code to create/run my Azure projects. So if you add the following method into the Run method of your web/worker role, it will automatically create the root folder and your defined crossdomain.xml file.

private void CreateCrossDomainFile()
	CloudBlobClient client = _cloudStorageAccount.CreateCloudBlobClient();

    new BlobContainerPermissions 
      PublicAccess = BlobContainerPublicAccessType.Blob 
	CloudBlob blob = client.GetBlobReference("crossdomain.xml");
	blob.Properties.ContentType = "text/xml";
	blob.UploadText(@"<?xml version=""1.0"" encoding=""utf-8""?>
    <allow-access-from domain="""" secure=""false"" /> 
    <allow-access-from domain="""" secure=""false"" />   


public class WorkerRole : RoleEntryPoint
    public override void Run()