I have one website that hosts a webservice which uses membership provider authorization. I would like to be able to authenticate through my webservice call from a second site without getting bounced back to my login page on the webservice site. How can I accomplish this?

As a side note, it would be best for me to allow a custom rule for specific hosts accessing the site. So if the request is coming from www.mysite.com, it would override the authorization.

A: 

You would have to place a web.config file inside the directory of your webservice and allow anonymous access to it. Or you could make it Windows Authentication only and use impersonation to authorize the call.

James
+1  A: 

You may use a <location/> tag in your web.config to open a specific directory or file up.

I don't believe there is an intrinsic method of access control by host.

A very simple way to do this would be by implementing a simple HttpModule that guards the endpoint or directory.

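using System;
using System.Net;
using System.Web;

namespace HttpLibArticleSite
{
    public class GuardDogModule : IHttpModule
    {
        // Placeholders: the path to guard, the header to check ("take your pick")
        // and the value you want it to carry. Replace all three.
        private const string GuardedPath = "/services/";
        private const string HeaderName = "X-Guard-Header";
        private const string ExpectedValue = "replace-me";

        #region IHttpModule Members

        public void Init(HttpApplication context)
        {
            context.BeginRequest += BeginRequest;
        }

        public void Dispose()
        {
            //noop
        }

        #endregion

        private static void BeginRequest(object sender, EventArgs e)
        {
            // The sender of BeginRequest is the HttpApplication, not the HttpContext.
            HttpContext ctx = ((HttpApplication) sender).Context;

            // Requests outside the guarded path pass through untouched.
            if (!ctx.Request.Url.AbsolutePath.StartsWith(GuardedPath, StringComparison.OrdinalIgnoreCase)) return;

            // Request headers are set by the caller; reject anything without the expected value.
            if (ctx.Request.Headers[HeaderName] != ExpectedValue)
            {
                ctx.Response.StatusCode = (int) HttpStatusCode.Forbidden;
                ctx.Response.End();
            }
        }
    }
}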

Not compiled, obviously, and not tested, but will get you where you need to go. Just refer to the web.config system.web/httpModules section to see how to deploy.

Cheers.

Sky Sanders
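
The deployment the two answers describe, as an added example that is not part of the original posts: a web.config that exempts the service directory from the login redirect with `<location>` and registers the guard module, so the module becomes the only gate on that directory. The `Services` path, the `Login.aspx` URL, the forms-authentication setup and the `HttpLibArticleSite` assembly name are assumptions.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <!-- Assumed site-wide setup: forms authentication backed by the membership provider -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" />
    </authentication>
    <authorization>
      <!-- Anonymous users are redirected to the login page everywhere else -->
      <deny users="?" />
    </authorization>

    <!-- Classic pipeline (IIS 6, IIS 7+ classic mode) module registration -->
    <httpModules>
      <add name="GuardDogModule"
           type="HttpLibArticleSite.GuardDogModule, HttpLibArticleSite" />
    </httpModules>
  </system.web>

  <!-- Assumed service directory: URL authorization is opened up here,
       so requests reach the service without the login redirect.
       From this point the module is what decides who gets in. -->
  <location path="Services">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- IIS 7+ integrated pipeline module registration -->
  <system.webServer>
    <modules>
      <add name="GuardDogModule"
           type="HttpLibArticleSite.GuardDogModule, HttpLibArticleSite" />
    </modules>
    <!-- Lets the system.web/httpModules entry coexist with integrated mode -->
    <validation validateIntegratedModeConfiguration="false" />
  </system.webServer>
</configuration>
```

Because the `<location>` block removes the forms-authentication check for that directory, a request that the module lets through is served to an anonymous caller, so the guarded path in the module and the `path` here need to cover the same URLs.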