Hello all,
I have a web service(.asmx) that is written in .NET. There are two methods in it; Login() and Add().
Login() gets username and password, validates user via ASP.NET membership provider. Once the user is authenticated, Add() web service method can be called(there is authentication and role check).
I have following attributes for Add() method.
[PrincipalPermission(SecurityAction.Demand, Authenticated = true)]
[WebMethod(EnableSession = true)]
When I open up an internet browser and log the user via Login() web service method, I can invoke Add() web service method through internet browser without any problem and it works.
Nonetheless, I cannot do this(Login() call first and then Add() call) from another web service. Even I call the Login() web service method first and get back the correct result, session(logged in data) is lost no my second call to Add() web service method. The error is the following.
System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.Security.SecurityException: Request for principal permission failed.
at System.Security.Permissions.PrincipalPermission.ThrowSecurityException()
at System.Security.Permissions.PrincipalPermission.Demand()
All the environment is .NET and standard membership provider is used, is there any way that I can store the session(authentication data) between two web method calls from a web service?
Kind Regards, cas