views:

376

answers:

2

I have an ADO.NET Data Service (we'll call it service.svc). When I deploy it to an IIS 6 site with Integrated Windows Authentication turned on, all requests (GET, POST, PUT, and DELETE) work fine for me, because I am an administrator on the box. However, when a non-admin user hits the service, only GET and POST requests work. When they try a PUT or DELETE request, they get an HTTP 401.3 "Access is Denied" error:

"Error message 401.3: You do not have permission to view this directory or page using the credentials you supplied (access denied due to Access Control Lists). Ask the web server's administrator to give you access to '...\service.svc'."

If I give the "Authenticated Users" local group write access to the .svc file, everything works as it should, but I really don't want to do this (and don't think I should have to do this to get this to work). In fact, I'm confused as to why changing the file permissions would affect this at all, but it definitely seems to be the problem.

I've found a couple of different suggestions to fix somewhat similar problems in the Microsoft forums (Here, and I would post more links, but am being told that new users can only post one link in a post), but none of the solutions help.

Any help is much appreciated. I am certainly no IIS expert, and this one has got me stumped.

A: 

Try enabling WebDAV under Web Service Extensions in IIS Manager.

Hans Malherbe
+1  A: 

I ran into this same problem and have not found a complete solution but I did find another workaround (other than granting write permission as you mention) you can use so that you don't have to grant write permissions. You can use POST tunneling to do all your calls as POSTs and then you add a header to tell the service what it actually is...

Here is the thread discussing the same issue and how to do POST Tunneling to work around it.

Brian ONeil
Not perfect, but definitely a workaround. Thanks!
Nate