Silverlight XMPP setup guide for MatriX

It looks like many developers have problems to setup and debug Silverlight applications with MatriX.

There are different ways to setup a XMPP connection with MatriX

  1. direct socket connection on a port within the Silverlight port range
  2. direct connection over a HTTP proxy with the CONNECT command (HTTP tunneling)
  3. BOSH connection

Silverlight has different network security access restrictions for sockets and web requests. If you choose option 1 or 2 then the socket policies apply, if you choose 3 then the web request policy apply because MatriX is using .NET WebRequest classes for the connections. Read more details about the Silverlight network security access restrictions here.

Silverlight allows socket connections only on ports 4502-4534. For option 1 and 2 this means you have to configure your XMPP or proxy server to listen on a port within this port range, or use other technologies like port forwarding to redirect connections to the XMPP default port 5222. Before a socket can be connected the Silverlight runtime requests the policy on the target site at port 943 and checks the permissions.You have to run a policy server which must be able to serve requests on the same domain as your XMPP or proxy server is hosted.

When using BOSH and crossing domains the Silverlight runtime requests a policy xml file from the root of the BOSH Uri. This means you can connect to other XMPP servers (not under your control) only if they host a policy file on the root of the BOSH Uri which allows you to connect. Or you run your own BOSH server which is able to connect to any XMPP server in the federated network. Punjab is a good choice for the latter.

when the BOSH Uri is the Silverlight runtime request either a Flash policy file at or a Silverlight policy file at when crossing domains.

To avoid cross domain requests on your own server you can either

  • choose a XMPP server which allows you to host your application on the BOSH Uri
  • proxy from your web server to the BOSH server e.g. with mod_proxy in Apache.
Crossing domains would be much easier if all BOSH components allow you to serve the policy files at the root of the BOSH Uri.

All this policy stuff makes not much sense to me, but this is what Adobe and Microsoft came up with. So we have to deal with it.

Leave a comment


  1. “choose a XMPP server which allows you to host your application on the BOSH Uri”

    Any recommendations?

  2. ejabberd, Prosody, Punjab

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.