Any Asp.Net Guru's about

eric_knapper · 20 Aug 2009 at 18:41

I have an ASP.net app that has forms authentication setup for security. I have just added a web service to this app to be accessed from a desktop application. When I try to add a web reference too the service in the new desktop application it just throws the page to the login page of the website if I logon I can then browse to the web service but it does not find any of the methods to add from the service.

If I turn off forms authentication on the website it works fine I can browse to the web service when adding the reference and it picks it up and shows all the various methods.

So how can I get my webservice to work on a site that incorporates Forms authentication?

thanks
Eric

Goksly · 20 Aug 2009 at 22:00

I'm pretty sure that form authentication is a asp.net / iis technology, so cannot be used with winforms. My suggestion would be to put the web service in its own solution. If you wish to make it secure, add username / password properties to the objects sent to the webservice so you can authorise it on a per call basis. This is what all the secure webservices I have used do.

akakjs · 21 Aug 2009 at 08:04

You're looking for the location element in the web.config, it lets you disable asp.net's forms authentication for specificed directories and files.

I'm pretty sure that form authentication is a asp.net / iis technology, so cannot be used with winforms

Since 3.5 you can remotely "use" asp.net's membership model via the authentication services, so you can use asp.net memebership in winforms as well now

However you do need a web-backend to connect to.

akakjs

eric_knapper · 21 Aug 2009 at 12:08

After reading Goksly's reply last night I tried another approach and created a stand alone webservice project, created a new virtual directory for it on the host and uploaded it. Even though it was a separate application when browsing to the webservice it still redirected to the other applications login page!.

So at that point I was up against a problem with web.config file inheritance gave up for the night to try again today. I was just reading an MSDN article on configuration file hierarchy and inheritance http://msdn.microsoft.com/en-us/library/ms178685.aspx when I noticed Akakjs's reply about using location tags.

So I cleaned up the system a bit first. I removed the new standalone Ws, in the original app I removed the Ws from that and replaced it with a default helloworld Ws that would go in the wwwroot. I then removed all existing authorization tags left the original <deny users="?"/> for the Forms authentication and then added this location tag at the top of the web.config

<location path="hello.asmx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

and that seems to have done the trick I still have forms login required for the existing site but the webservice is exposed to make reference too. Looks like I will have a problem with web.config inheritance when I add the next part of the project which another web application but that's a problem for another day :-)

Thanks
Eric.