Register | Log In
Download Contact
Community > Community Exchange

Welcome to the Community Exchange

Welcome to the Community Exchange, a place where community members can exchange questions and answers related to DotNetNuke. If you would like more info about the Community Exchange, please visit this page in our Wiki. 

Ask a Question

Unauthorized POST to web service

Hello,

I'm trying to execute a post request to a service in 6.2 and I keep getting a 401 (unauthorized) error. 

req = WebRequest.Create(service)
req.ContentType = "application/json"
req.Method = "POST"
req.ContentLength = jsonBytes.Length
 
stream = req.GetRequestStream
stream.Write(jsonBytes, 0, jsonBytes.Length)
stream.Close()
 
response = req.GetResponse().GetResponseStream
reader = New System.IO.StreamReader(response)
result = reader.ReadToEnd
reader.Close()
response.Close()

I think I must be missing sending some authentication information. But, I can't figure out what... 

Can anybody help me out here?

Thanks,

Mike
asked 8/10/2012
Mike Ryckman131
Mike Ryckman

  • Thanks for the thoughts so far. I'm going to play with things today and see what I can do. The context is a store cart system. I want the cart to be able to have items added to it from other sub-systems, but, the cart will need to inform those sub-systems when an item is removed/purchased. So, I thought that if the sub-systems just sent an "approval service url" kind of thing that the cart can use to inform the various systems of changes, then that would work well. I'd rather not use the API because then the cart system needs to reference every sub-system that could want to purchase anything. - Mike Ryckman 8/13/2012

  • I think I figured out part of this... I think I need to also post the validation token. But, there doesn't seem to be a way to generate the token through the API. In DotNetNuke.Framework.ServicesFramework, I see a private function that creates an HTMLHelper that DNN uses to get the token. But, this is only made for putting it into the page as HTML. - Mike Ryckman 8/11/2012

2 Answers

If the service requires authentication (e.g. not anonymous) then you need to provide credentials for authentication.  This can be in any of 3 forms:

1) Web forms, the cookie will be created when user logs in with their browser (typically only used in Ajax situations)

2) Basic Authentication (works well with WebClient, but you should use an SSL connection)

3) Digest Authentication (works well with WebClient, more secure than Basic Auth, SSL is more secure but this is better than plain text.  Will not work with a typical XmlHttpRequest)

Additionally if the service was developed using Module Authorization then you configure the appropriate permissions for the user on the module instance, and send the module and tab id in the headers (I can't remember if querystring or cookies will still work too) of the request.

Finally if the service requires anti-forgery validation it is only intended for use in an AJAX situation.  While I suppose it would be possible to hack up a solution that fetches the correct page and parses the forms and cookies in order to later post the correct values it is not trivial and not how the service was intended to be used.
answered 8/12/2012 Scott S 233
Scott S

  • P.S. a good way to reverse engineer calling a service is to inspect calls from it's "official" client using Fiddler. Also, the substantial majority of services that shipped in the core are parts of modules, or explicitly labelled Internal. Either way these are not official public APIs and will likely suffer breaking changes in the future. - Scott S 8/12/2012
Is the web service based on the dnn service framework? t expects that module id and tabid are passed into. It than can detect the calling user based on its auth cookie. 

If a module calls that service on server side, there is no such cookie. It will always be authenticated to anonymous, even if "helper' information has been supplied. In that case I would suggest to not calling that service but the API behind. 

Use a service for client -server communication and API calls on server side.  
answered 8/12/2012 Stefan Cullmann 161
Stefan Cullmann

Your Answer

In order to provide an answer to this question, you must Login

I am flagging this question because...
10 inform moderator flags remaining

I am deleting this question because...

I am flagging this answer because...
10 inform moderator flags remaining

Flagging a Post

You have already flagged this post. Clicking "Remove Flag" below will remove your flag, thus reducing the count by one as well.

I am deleting this answer because...

DotNetNuke Corporation

DotNetNuke (DNN) provides a suite of solutions that make designing, building and managing feature-rich sites and communities fast, easy and cost-effective. The DotNetNuke Platform CMS is the foundation for more than one million websites worldwide. DNN Social, our newest solution, enables businesses to create immersive, interactive communities. Thousands of organizations like True Value Hardware, Bose, Cornell University, Glacier Water, Dannon, Delphi, USAA, NASCAR, Northern Health and the City of Denver have leveraged DNN to deploy highly engaging business- critical websites. Our rapid growth in product sales and deployments resulted in DotNetNuke Corp. being named one of the fastest growing private companies in America by Inc. Magazine in 2011 and 2012.
Copyright © 2002-2013 DotNetNuke Corp. / Terms of Use / Privacy
Hosted by MaximumASP