My question revolves around a WCF REST Service for IIS that responds with JSONP. I took the classes in this solution: http://msdn.microsoft.com/en-us/library/cc716898.aspx and added them to mine. Things were working fine on my developer workstation using impersonation with httpTransport but when I tried to move up to the development server I ran into some security issues. These issues were solved using the configuration below and an App Pool identity user. I also configuring the IIS metabase file for NTLM only authentication (we are using IIS 6 but will be IIS 7 soon, needs to work on both) as I don't have access to make an SPN. I believe the current configuration solved my security problems but in the process my JSONP response was downgraded to regualar JSON, this is the problem. Here is the relevant configuration:
<services>
<service name="IS.Core.Infrastructure.RESTRouter.Transactions" behaviorConfiguration="">
<endpoint address="" behaviorConfiguration="webHttp" binding="customBinding"
bindingConfiguration="jsonpBinding" contract="IS.Core.Infrastructure.RESTRouter.ITransactions">
</endpoint>
</service>
<service name="IS.Core.Infrastructure.RESTRouter.Queue" behaviorConfiguration="">
<endpoint address="" behaviorConfiguration="webHttp" binding="customBinding"
bindingConfiguration="jsonpBinding" contract="IS.Core.Infrastructure.RESTRouter.IQueue" />
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="webHttp">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<customBinding>
<binding name="jsonpBinding">
<jsonpMessageEncoding />
<httpsTransport
manualAddressing="true"
authenticationScheme="Ntlm" />
</binding>
</customBinding>
</bindings>
<extensions>
<bindingElementExtensions>
<add name="jsonpMessageEncoding"
type="IS.Core.Infrastructure.RESTRouter.JsonpBindingExtension, RESTRouter, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
</bindingElementExtensions>
</extensions>
Here is one of the interface method definitions:
[OperationContract]
[WebGet(UriTemplate = "{ModelPath}/{ObjectTypeName}?callback={callback}", ResponseFormat = WebMessageFormat.Json)]
[JSONPBehavior(callback = "callback")]
JSONPXml NewObject(string ModelPath, string ObjectTypeName, string callback);
Here is its implementation:
[OperationBehavior(Impersonation = ImpersonationOption.Allowed)]
public JSONPXml NewObject(string ModelPath, string ObjectTypeName, string callback) {
int val = getEmployeeIdByNTUsername(OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.Name);
JSONPXml jsp = null;
EntityPluginReflectorClient client = null;
try {
client = new EntityPluginReflectorClient();
string output = client.NewObject(ModelPath, ObjectTypeName);
jsp = new JSONPXml() { xml = output };
} catch (Exception e) {
InfrastructureLog.WriteException(this, "NewObject", e);
jsp = getExceptionResponse(e);
}
finally {
client.Close();
}
return (jsp);
}
and here is the data contract:
[DataContract()]
public class JSONPXml {
public JSONPXml() { }
[DataMember]
public string xml;
}
Please let me know if more information is needed and thanks for looking into this.