locked
Web Service Call From Login.aspx (Unauthorized) RRS feed

  • Question

  • User-691759321 posted

    I have a login page using forms authentication that is working great.  I am trying to add a new account database call.  I have a jQuery modal that collects and validates the new account information and I just want to call a web service using the ajax call.  Every time I reference the web method it gives me a 401 Unauthorized error.  I know it has to do with the forms authentication.  Any ideas?  Here is my web config:

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
      <appSettings>
        <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
      </appSettings>
      <location path="DataAccessLayer.asmx">
        <system.web>
          <authorization>
            <allow users ="*" />
          </authorization>
        </system.web>
      </location>
      <system.web>
        <compilation debug="true" targetFramework="4.5" />
        <httpRuntime targetFramework="4.5" />
        <authentication mode="Forms">
          <forms name=".LoginForm" loginUrl="Login.aspx" protection="All" path="/" timeout="30" />
        </authentication>
        <authorization>
          <deny users="?" />
          <allow users="*" />
        </authorization>
        <pages>
          <controls>
            <add tagPrefix="ajax" assembly="AjaxControlToolkit" namespace="AjaxControlToolkit" />
          </controls>
        </pages>
      </system.web>
      <system.web.extensions>
        <scripting>
          <webServices>
            <jsonSerialization maxJsonLength="2147483644"/>
          </webServices>
        </scripting>
      </system.web.extensions>
    </configuration>

    Sunday, April 20, 2014 3:11 PM

Answers

  • User1546878023 posted

    Based on what you are saying, you can probably fix your problem by modifying this section

    <location path="DataAccessLayer.asmx">
        <system.web>
          <authorization>
            <allow users ="*" />
          </authorization>
        </system.web>
      </location>

    Instead of allow users="*" you should write allow users="?" in order to allow anonymous users access to the webservice, which is required since it sound like you attempt to access the webservice when a user is not logged in.

    You do not to be aware though and ensure that your webservice cannot be misused since you are now opening it up for all to use.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, April 20, 2014 4:08 PM

All replies

  • User1873438307 posted

    Try this in your web.config just before your other locations rules

    <location path="login">
        <system.web>
          <authorization>
            <allow users="*"/>
          </authorization>
        </system.web>
      </location>

    Sunday, April 20, 2014 4:08 PM
  • User1546878023 posted

    Based on what you are saying, you can probably fix your problem by modifying this section

    <location path="DataAccessLayer.asmx">
        <system.web>
          <authorization>
            <allow users ="*" />
          </authorization>
        </system.web>
      </location>

    Instead of allow users="*" you should write allow users="?" in order to allow anonymous users access to the webservice, which is required since it sound like you attempt to access the webservice when a user is not logged in.

    You do not to be aware though and ensure that your webservice cannot be misused since you are now opening it up for all to use.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, April 20, 2014 4:08 PM
  • User-691759321 posted

    Thanks for the suggestions but neither option worked.

    Sunday, April 20, 2014 5:06 PM
  • User-691759321 posted

    Using the suggestion of change the location authorization from * to ? with the combination of moving the web method to the Login.aspx.cs appears to be working.

      <location path="Login.aspx">
        <system.web>
          <authorization>
            <allow users ="?" />
          </authorization>
        </system.web>
      </location>

    Thanks

    Sunday, April 20, 2014 5:16 PM