none
Http DELETE request to .svc returns 401.3 unauthorized RRS feed

  • Question

  • Http DELETE requests to our WCF REST services (.svc files) are returning 401.3 unauthorized when hosted in Azure. GET & POST requests to the same resource work fine.

    I can fix the problem if I add <authentication mode="Forms" /> to the web.config, however this causes other side effects so it's not an option.

    I originally raised this problem on the IIS forums as I didn't think it was related to our Azure environment, however the Microsoft IIS team gave me this response:

    Check if the app pool identity of your application has file system permissions ACLs to the physical path - folder/svc file. If you are supplying the right set of credentials, this must be at fault.

    My guess is that this is out of my control? Any assistance would be much appreciated.

    Cheers,
    Anthony.

    Friday, September 10, 2010 11:12 PM

All replies

  • Hello, I don't think this problem is caused by the Application Pool's identity, since GET and POST to the same service works fine. Does your service require authentication? By default, WebHttpBinding (unlike WSHttpBinding) doesn't require authentication, so you don't need to configure the authentication mode to Forms. Please also check what resource you're trying to delete. For example, it is usually incorrect to make a DELETE request to the svc file itself. The request URI should be http://domain/MyService.svc/MyResource, where MyResource is indicated by the UriTemplate property of the WebInvoke attribute.
    Lante, shanaolanxing This posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, September 13, 2010 3:52 AM
  • Thanks for your reply. Yes, we are hitting a specific endpoint within the service, not just the .svc file. The endpoint has custom authentication, however trace data has shown that our authentication doesn't event get hit - something is blocking the request to the resource altoghether.

    We've had to implement an extreme solution and replace all of our DELETE verbs to a POST to a specific "delete" endpoint - which isn't very RESTful :(

    Monday, September 13, 2010 11:01 PM
  • If you temporary remove the custom authentication, does it work fine? I haven't tried custom authentication yet. But I tried DELETE operation against a WCF Data Service (also REST) that does not neeed authentication, and it works fine in the cloud. Try to delete a travel stop on http://sqlazurebingmap.cloudapp.net/SilverlightClient.htm, and click the Save button. It issues a DELETE request to an underlying service. So I think the problem is probably in your custom authentication. Can you post the code about the authentication?
    Lante, shanaolanxing This posting is provided "AS IS" with no warranties, and confers no rights.
    Tuesday, September 14, 2010 1:20 AM
  • Hey guys did you ever find a solution for this problem?  I've been struggling with the same issue for almost a week...

     

    My Scenario : I have a lot of WCF REST services hosted on Azure.  Everything works great on my local machine.

    Issue :

    PUT and DELETE requests cause an error.  "The remote server returned an error: (401) Unauthorized."

    GET and Post requests are successful.

    What I've Tried:

    • I tried removing the webDav module. 
    • I feel like I've tried every combination of handler configuration.

    This is my current Modules and Handler Section:

    <modules>
                <add name="ar.sessionscope" type="Castle.ActiveRecord.Framework.SessionScopeWebModule, Castle.ActiveRecord" />
                <remove name="WebDAVModule" />
    </modules>

    <handlers>
                <remove name="StaticFile" />
                <add name="Wild Card" path="*" verb="*" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="None" preCondition="classicMode,runtimeVersionv2.0,bitness32" />
               
                <remove name="svc-integrated" />
                <remove name="svc-integrated-4.0" />
                <add name="svc-isapi" path="*.svc" verb="GET,HEAD,POST,DEBUG,PUT" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" resourceType="Unspecified" preCondition="classicMode,runtimeVersionv2.0,bitness32" />
                <add name="svc-integrated" path="*.svc" verb="GET,HEAD,POST,DEBUG,PUT" type="System.ServiceModel.Activation.HttpHandler" resourceType="Unspecified" preCondition="integratedMode" />
                <add name="svc-integrated-4.0" path="*.svc" verb="GET,HEAD,POST,DEBUG,PUT" type="System.ServiceModel.Activation.ServiceHttpHandlerFactory, System.ServiceModel.Activation" resourceType="Unspecified" preCondition="integratedMode,runtimeVersionv4.0" />
               
                <remove name="PageHandlerFactory-Integrated" />
                <remove name="PageHandlerFactory-Integrated-4.0" />
               
                <add name="PageHandlerFactory-Integrated-4.0" path="*.svc" verb="GET,HEAD,POST,DEBUG,PUT" type="System.Web.UI.PageHandlerFactory" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" />
                <add name="PageHandlerFactory-Integrated" path="*.svc" verb="GET,HEAD,POST,DEBUG,PUT" type="System.Web.UI.PageHandlerFactory" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
    </handlers>


    Application Architect
    Wednesday, March 2, 2011 2:38 PM
  • So of course as soon as you decide to ask for help it's only a matter of minutes until you find the solution...  (c:

    <authentication mode="None" />

    That's all I needed.  It was set to "Windows" previously.  I put the modules and httphandler configuration back to the way it was which is:

    <modules>
                <add name="ar.sessionscope" type="Castle.ActiveRecord.Framework.SessionScopeWebModule, Castle.ActiveRecord" />
            </modules>
            <handlers>
                <remove name="StaticFile" />
                <add name="Wild Card" path="*" verb="*" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="None" preCondition="classicMode,runtimeVersionv2.0,bitness32" />
                <add name="svc-isapi" path="*.svc" verb="*" modules="IsapiModule" scriptProcessor="C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" resourceType="Unspecified" preCondition="classicMode,runtimeVersionv2.0,bitness32" />
                <add name="svc-integrated" path="*.svc" verb="*" type="System.ServiceModel.Activation.HttpHandler" resourceType="Unspecified" preCondition="integratedMode" />
            </handlers>

    Thanks,

    Tim


    Application Architect
    • Proposed as answer by Tim Costantino Wednesday, March 2, 2011 3:09 PM
    Wednesday, March 2, 2011 3:09 PM