A great tool for debugging Silverlight 2 cross-domain problems is the free "debugging proxy" tool called Fiddler.  Fiddler acts like an "HTTP sniffer".  It lets you watch as your browser has HTTP-conversations with servers.  This post is a very brief example of using Fiddler to "spy" on Silverlight 2 as it looks for cross-domain policy files.  For the demo I'm using ScottGu's Silverlight 2 Digg client demo.  Scott now has downloadable Silverlight 2 sources for his demo here. (I did a translation to WPF in a previous blog article.)

If you download and build Scott's SL2 demo and have Fiddler installed, you should be able to capture a "trace" of the HTTP requests made by Silverlight to the Digg site, and the responses.  In the attached screen capture of Fiddler you can see Silverlight first try to open clientaccesspolicy.xml from Digg's site and fail, but then try and succeed to open crossdomain.xml.  You can also see the contents of crossdomain.xml that were returned.  The '*' is allowing any domain to call Digg's APIs.

When it comes to testing some unknown site to see if it has cross-domain policy files, one technique is to just hit that domain with your browser and see if it can find those files.  For example, if you type this URI into the browser: http://services.digg.com/crossdomain.xml, the browser will successfully find it and show you its contents.  So their "welcome" sign has been lit.

Alan Cobb