C# REST webservice authentication problem

By : Rob
Source: Stackoverflow.com
Question!

In my previous question here i was experiencing difficulties with Authenticating webservices. With the use of the WcfRestContrib library which i found here i was able to solve this issue. I build a small testapplication and the authentication works like a charm.

But while i'm implementing this in the webapplication where i want to use the webservice authentication part, i keep getting the problem that the used Forms Authentication in the webapplication keeps redirecting me to the login page.

I've got the following configuration part in the web.config of my webapplication. This is the application where i'm trying to call the service by it's url;

http://website.localhost/Services/Info.svc/account

The web.config for the website.localhost contains the following parts;

<location path="Services">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>

<system.serviceModel>
  <extensions>
      <behaviorExtensions>
        <add name="webAuthentication" type="WcfRestContrib.ServiceModel.Configuration.WebAuthentication.ConfigurationBehaviorElement, WcfRestContrib, Version=1.0.6.107, Culture=neutral, PublicKeyToken=89183999a8dc93b5"/>
        <add name="errorHandler" type="WcfRestContrib.ServiceModel.Configuration.ErrorHandler.BehaviorElement, WcfRestContrib, Version=1.0.6.107, Culture=neutral, PublicKeyToken=89183999a8dc93b5"/>
        <add name="webErrorHandler" type="WcfRestContrib.ServiceModel.Configuration.WebErrorHandler.ConfigurationBehaviorElement, WcfRestContrib, Version=1.0.6.107, Culture=neutral, PublicKeyToken=89183999a8dc93b5"/>
      </behaviorExtensions>
  </extensions>
  <behaviors>
      <serviceBehaviors>
        <behavior name="Rest">
          <webAuthentication requireSecureTransport="false" authenticationHandlerType="WcfRestContrib.ServiceModel.Dispatcher.WebBasicAuthenticationHandler, WcfRestContrib" usernamePasswordValidatorType="CMS.Backend.Services.SecurityValidator, CMS.Backend" source="CMS.Backend"/>
          <errorHandler errorHandlerType="WcfRestContrib.ServiceModel.Web.WebErrorHandler, WcfRestContrib"/>
          <webErrorHandler returnRawException="true" logHandlerType="CMS.Backend.Services.LogHandler, CMS.Backend" unhandledErrorMessage="An error has occured processing your request. Please contact technical support for further assistance."/>
        </behavior>
      </serviceBehaviors>
  </behaviors>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
</system.serviceModel>

I'm excluding the Services directory from authentication by giving all anonymous users acces, this is the part causing problems i think.

My service (Info) contains the following attributes

[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
[ServiceConfiguration("Rest", true)]
public class Info : IInfo
{
   //Some foo hapens
}

The web.config of the service contains this;

<system.web>
   <authorization>          
     <allow users="*" />
   </authorization>
</system.web>

Whenever i try the above supplied url to make a call to the service i'm being redirected to the login page of the website on http://website.localhost/Logon. How can i prevent this from happening? As far as i know the web.config should be correct.

--THE FINAL SOLUTION--

I modified the web.config to look like this;

<sytem.web>
  //site config
</system.web>

<location inheritInChildApplications="false">
    <system.web>
      <authentication mode="Forms">
        <forms name="AllPages" loginUrl="~/Logon/" timeout="360" enableCrossAppRedirects="false" />
      </authentication>
    </system.web>
  </location>

I Also removed this rule from the web.config which i added in an earlier state. Apperently it conflicted with the added location tag and the web.config in the service itsself

<location path="Services" >
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
  </location>
By : Rob


Answers

You should prevent inheritance of the settings that are specified in the associated configuration section and inherited by applications that reside in a subdirectory of the relevant application.

Try to put your site "system.web" section into "location" section:

By : mastak


This video can help you solving your question :)
By: admin