WCF / ASMX :: Enabling JSONP For Authenticated Users?
Mar 6, 2011
We have a series of Silverlight apps that use WCF services via SOAP for just about everything. As we migrate to AJAX we've been hoping to expose the same services via JSONP with little more than config changes on the server.Although the message "Cross domain javascript callback is not supported in authenticated services" seems pretty explicit, I'm hoping there might be a way to allow it. We have a need to expose user-centric data across domains, but we'll need to roll our own JSONP to make it happen if this is a hard "unsupported". It would be even better if there was a way for the server to validate the referrer against the client access policy we provide for Silverlight clients, but for now we just need the general requests to not fail if the user happens to have an auth cookie for our domain from a previous visit.f there's no way to allow this to just work, we're also considering the option of channeling the requests through an IFRAME, but we're definitely open to other recommendations.
I've a default.aspx page in my application's root folder. I added a a page in the root of inetpub that redirects requests to the default page. The idea is that the user need only enter the server name to get to the default page. How can I set things up so that all users have access to the default.aspx and that they only have access to the other pages once they've been authenticated?
I am using Windows Integrated Security and the users are being challenged and authenticated properly. I want them to be able to access Default.aspx without any challenges.
(On a side note which may answer this question, when using WIS does the user *allows* have to be challenged? Isn't it possible to pass through their Windows User and ID without the prompt?)
c: inetpubwwwroot edirect.aspx (set as default document in IIS and simple executes Response.redirect("sites/mercury/default.aspx") c:documents and settingsall usersdocumentswebsitesmercurydefault.aspx (home page for the site & server)web.config includes
I'm setting up a new web forms app and want to use ASP.NET membership. All my users must be authenticated. What is the best way to implement this?I'd love to deny all unauthenticated users in the root folder of the app by setting this in web.config but then where would I put the login folder? I'd like the login folder to be a subfolder of my root folder so that the URL can be www.myapp.com/login/Another idea is not to put the restriction in the web.config but put the logic in Session_Start in global.asax but I really like the idea of controlling who can see what using web.config files.
I have a web service project setup to allow only AnyHttpSoup requests though in the web.config. I do not want to allow any get or post calls through. Below is my setup in my web.config.
[Code]....
However, I would like to allow HTTPGet for just one method in my asmx file. This method will be used by monitoring software to ensure the web services are working and available properly. (My monitoring software does not suppoer web services, however, if I am able to do at HTTPGet on the web web service, the monitor software should be able to pickup the response.)
Is is possible to disable HTTPGets for all web methods but just allow it for one web method?
we want to have a fronend to a custom databasince, since I do have experiance with HTML/CSS and have used VB.NET before, I'm the one that gets to make it.
problem is, the one thing I have not used before is the autentication system in ASP.NET, I want to use single-signon for the system.
and I do have this right now, the only problem I have is how do I check if a user is logged in, and change the page content for autenticated users.
the template does have this:
[Code]....
which does indeed change the login view, problem is, how do I change this to change the pages and menu.this:
[Code]....
has to be a longer menu that also gives options to insert data into the database and/or remove/update the data.
I have a simple user-registration website where I keep records of registered users. I also have an admin page to upload videos, however videos are uploaded to a different server.
I want to show this video only to my registered users on my website, since the video is on second server, how can I protect it?
I thought I could build an application and install it on second server, this app will watch whether the requested url is for videos, if so then it'll redirect the user to my login page and here he'll be authenticated and again redirected to the same video url.
This causes even the authenticated users but unauthorized resource requested users to redirect to logon page. but i need only to redirect this page if user try to access unauthorized page and not already authenticated(logged on) and redirect to custom page.
Is there easy way to do this without writing custom action filter?
I've created a photo database and search engine that creates a xml that corresponds to the multiscale image xml.My problem is how to enable multi users to search at the same time?
I have an MVC 3 application which uses asp.net authentication. I have just created a custom errors controller and a couple of views for unknown errors and 404's. This works fine when I am logged into the application but if an internal server error happens during logon I would like to display the error/unknown view. However I just keep getting redirected back to the login as I am not authenticated.
I have added a location path for 'Views/Error' to my Web.config to allow access to all users but I am guessing it's the controller access that is causing the redirection.
Is there any way you can allow this in MVC or do I need to think of another solution? Just did not want to add a generic message to the login page as that's what my unknown error view is for.
I am using the membership provider and am reasonably comfortable that all of my web pages are safe.Some of the pages contain hyperlinks to documents (pdf, xls, etc.) stored in a folder under the root of the web site. I have disabled the ability of users to anonymously list folder contents, but I don't see a way to keep anonymous users from accessing the documents if they know the specific URL for that document. Example; if the document contains a spreadsheet of current sales, I don't want an ex-employee (who captured the URL while working here) to be able to bring up the current document.asswording the documents isn't a good choice because there are hundreds and we'd like to avoid changing them all every time someone leaves, or weekly, or whenever...Is there a way to restrict access to all contents of a web folder to people who have been authenticated?
I am building a RESTful service using WCF. I basically want to save information about a user when they authenticate to the WCF service. For example I want to save their first name, last name, account number , and password in order to access the information in other requests in the same session. Since this information is sensitive I can not store it in a cookie.
I don't want to use asp.net session state because I plan to run this WCF as a Windows Service. Is there something (class, Assembly) I can use that can save user information and retrieve it per request or do I have to create a custom solution that will create an entry in a database every time a client authenticates to the WCF service.
I am not able to allow/deny users based on roles in the web.config (using <location path>). The following does not work even if the user is in the 'Admin' role:[Code]....
I am able successfully execute IsUserInRole() and GetRolesForUser() in the codebehind and get expected results. The same applies to the web.sitemap, adding roles in there do not seem to apply to the user even if he is a member of the role.
Here is my web.config (trimmed some sections out so it's not too long):[Code]....
I am having a simple WCF service hosted in my website. I am using a console client to send and receive messages from the service. It works fine when I run the WCF web host in my local computer, but fails badly with the SecurityNegotiation exception "The caller was not authenticated by the service". It works fine if I use basicHttpBinding, but fails for wsDualHttpBinding which is required for duplex communication.All the source code for both (console) client & (web) server can be downloaded at:http://www.supernovaservices.com/downloads/WfcEventService.zipI have searched a lot and could not get a proper answer
in my webservice (asp.net) I'm returning the response with a content type of application/javascript. The response the server is actually sending back is: jsonp1276109314602({"message":"I'm getting tired of this not working"}) The jsonp1276109314602 method name is being randomly generated by jquery, and I'm grabbing it with Request.QueryString["callback"] However my success function is never called and the firebug console gives me an error saying jsonp1276109314602 is not defined. What am I doing wrong?
NOTE: I'm making this call from a greasemonkey script on a craigslist page. It's a cross-domain request, but I can see the request is actually making it to the server and returning a good response, but for whatever reason the registered callback that jquery creates appears to not exist when the response comes back. It works fine if I run the script in the firebug console from the craigslist page, but not when it's run from the greasemonkey script.
EDIT: At first I thought it wasn't working cross domain at all, now I realize it only works in IE. I'm using jQuery to call a web service (ASP.NET .axmx), and trying to us jsonp so that I can call it across different sites. Right now it is working ONLY in IE, but not in Firefox, Chrome, Safari. Also, in IE, a dialog pops up warning "This page is accessing information that is not under its control..."
The service cannot be activated because it does not support ASP.NET compatibility. ASP.NET compatibility is enabled for this application. Turn off ASP.NET compatibility mode in the web.config or add the AspNetCompatibilityRequirements attribute to the service type with RequirementsMode setting as 'Allowed' or 'Required'.
when i try to access wcf service i get this error: the reason is HttpContext.Current is null, what should i do in this case?
Object reference not set to an instance of an object.
System.Web.Script.Serialization.JavaScriptSerializer s = new System.Web.Script.Serialization.JavaScriptSerializer(); Person p = new Person() { FirstName = "First name", LastName= "last name" }; string json = s.Serialize(p); System.Web.HttpContext.Current.Response.Write("jsoncallback" + json);} //error
How can I implement Jquery JSONP in my ASP.NET project. My application flow is described below:
1) I am opening a HTTP page, where I have got JQuery login dialog box, from which username and password is posted to my Login.aspx page, which has got one method "GetLoginDetails" which takes posted username and password and sends to a WEBSERVICE which checks the users name and password and return back with "success=true"
2) so in my response I get "success=true", I read that value from jquery and works according to responded text on my client side it display message "Logged in Successfully".
I am trying out jsonp with jQuery. I found many examples on the web and I believe my code is correct, but its still not working for me.
My web service:
using System.Web; using System.Web.Script.Services; using System.Web.Services; using System.Web.Script.Serialization;..........
Firebug shows this is a success, but I am getting null from the alert. I have my webservice in iis7 locally and I am testing through my debug in my client project.
I'm working on an intranet system (.NET 3.5); the main pages are served up from a standard ASP.NET server. I would like to use Ajax on those pages to contact a WCF service running on a different machine, to retrieve data, do CRUD operations - the usual Ajax stuff.
The problem I'm trying to resolve is: can I take cookies which were set by the ASP.NET server, and include them on requests to the WCF service? If so, how?
My understanding is that JSONP bypasses XSS restrictions by "wrapping" the Ajax request within a standard <script src="MyAjaxCall?SomeData=SomeValue"> tag. With that in mind, it would seem I'm at the mercy of the browser as to which cookies (if any) will be included in MyAjaxCall. Since the cookies originate from the ASP.NET server, the browser likely won't include them in the call to WCF.
Since this is an intranet application, I cannot necessarily rely on domain wildcarding (*.mydomain.com) to make sure the cookies are shared across multiple machines - the client may well be accessing machines by their simple network name or even IP address directly.
edit: accepting Julian's answer, since using JS to manually grab a cookie's payload and jam it onto the URL seems like the only way to work-around the restriction (tho it feels somewhat inelegant :)
i have a need to generate JSONP using MVC 2 for a 3rd party App...It seems there is no actionresult for this OOTB in MVC 2 so i need to create a custom one..i found the following article on such here; [URL] My first question is...Where do i put the custom actionresult code? Secondly...How can i use this to new JSONP actionresult to return data from my data model? Currently , my current JSON actionresult (remember..i need JSONP) looks like this;
[Code]....
How can i use the new JSONP Actionresult to return db.GetTopGainers()?
I´m using mvc futures 2 with WebApiEnabled for XML and JSON support. But due to cross domain issues with jQuery $.ajax I´m lookin in to JSONP. Is there a simple way to extend futures rest function for JSONP or should I do something else.