I have an .aspx with a static method decorated with the [WebMethod] attribute and a ScriptManager on the page, so that the WebMethod can be called with PageMethods.MethodName(). Forms authentication is enabled.

This works well in all scenarios except where the WebMethod is invoked on an expired session. When that happens, the service returns HTTP 401 and a username/password dialog pops up! I would much rather the user be redirected, as they are with any other request (including asynchronous postbacks). Is there a way to trap that specific condition, or to configure the application to do the right thing when presented with this case?

Edited to correct the actual HTTP status code: it's an HTTP 401, not a 403.

A: 

You could set up a web service for your application that could check IsUserAuthenticated() before you call your WebMethod. If it returns false you could then do a redirect in JavaScript to your login page and avoid the error. Make sure that this web service doesn't require authentication.

The problem is that the AuthenticateRequest event gets processed before your page ever gets control, which means there is nothing you can do in the codebehind to solve this issue, because it's the FormsAuthenticationModule which is rejecting the request and returning the HTTP 403.

Keltex
What's perplexing me here is that with other HTTP requests, like postbacks (synchronous or otherwise), the FormsAuthenticationModule correctly sends a 302 redirect to the login page. It's only for web requests that the 403 comes back.
DDaviesBrackett
@DDaviesBrackett I wonder if you want to dig into the ASP.NET source code.
Keltex
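
The check-before-call approach described in the answer above, as an added example that is not code from the thread. `guardedPageMethodCall`, `buildLoginUrl`, `LOGIN_URL` and `/Login.aspx` are hypothetical names: `checkAuth` stands for the anonymous-access service the answer suggests, and `invoke` wraps the real `PageMethods.MethodName(..., onSuccess, onFailure)` call.

```javascript
// Added example. All names here are hypothetical except ReturnUrl (the forms
// authentication query parameter) and get_statusCode() (the accessor on the
// error object that ASP.NET AJAX passes to a PageMethods failure callback).
const LOGIN_URL = "/Login.aspx"; // assumption: matches loginUrl in web.config

// Build the login redirect, preserving the current page the way the 302 does.
function buildLoginUrl(currentPathAndQuery) {
  // Accept only same-site relative paths so ReturnUrl cannot point off-site.
  const safe = /^\/(?!\/|\\)/.test(currentPathAndQuery) ? currentPathAndQuery : "/";
  return LOGIN_URL + "?ReturnUrl=" + encodeURIComponent(safe);
}

// opts.checkAuth(cb)          -> calls the anonymous service, then cb(true|false)
// opts.invoke(onOk, onFail)   -> wraps PageMethods.MethodName(..., onOk, onFail)
// opts.redirect(url)          -> e.g. function (u) { window.location.href = u; }
// opts.currentUrl             -> e.g. location.pathname + location.search
function guardedPageMethodCall(opts) {
  function toLogin() {
    opts.redirect(buildLoginUrl(opts.currentUrl));
  }
  opts.checkAuth(function (isAuthenticated) {
    if (!isAuthenticated) {
      toLogin(); // never send the request that would be rejected
      return;
    }
    opts.invoke(opts.onSuccess, function (error) {
      // The session can still expire between the check and the call, so the
      // failure path also treats an authentication status as "go to login".
      const status = error && typeof error.get_statusCode === "function"
        ? error.get_statusCode()
        : 0;
      if (status === 401 || status === 403) {
        toLogin();
        return;
      }
      if (opts.onFailure) opts.onFailure(error);
    });
  });
}
```
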
+1  A: 

We have the same problem. We resolved this by disabling Windows Authentication on IIS. That is strange, because our application is configured to use FormsAuthentication too.

Tadas
This solution works, although there was some trepidation implementing it in our environments because in .NET 1.1, disabling Integrated Windows Authentication prevents VS2003 from attaching to IIS.
DDaviesBrackett