Forms Authentication, Web Service, and AJAX

Discussion in 'ASP .Net' started by Leszek, Dec 3, 2009.

  1. Leszek

    Leszek Guest

    Hello,

    I'm using a plain vanilla AJAX (not ASP.NET Ajax) in my web application:

    // The name of the Web Service method: GetData
    // Parameters: CatID, pageSize
    var soap = "<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
    "<soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"
    xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"
    xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">" +
    " <soap:Body>" +
    " <GetData xmlns=\"http://www.mywebsite.com/webservices\">" +
    " <catId>2</catId>" +
    " <pageSize>10</pageSize>" +
    " </GetData>" +
    " </soap:Body>" +
    "</soap:Envelope>";

    // WEB_SERVICE_URL - a URL to my web service
    // WEB_SERVICE_HOST - host name
    req.Open("POST", WEB_SERVICE_URL, false);
    req.setRequestHeader("Host", WEB_SERVICE_HOST);
    req.setRequestHeader("Content-Type", "text/xml; charset=utf-8");
    req.setRequestHeader("Content-Length", soap.length);
    req.Send(soap);


    I'm using Forms Authentication in my applicatio but I found that passing the
    authentication cookie to the Web Service does not work as expected.

    // ASP.NET Authentication code
    if (FormsAuthentication.Authenticate("admin", "pswd"))
    {
    // Does not matter if the SetAuthCookie is called.
    // The web service won't be authenticated anyway.
    //FormsAuthentication.SetAuthCookie("admin", false);

    // RedirectFromLoginPage calls SetAuthCookie internally.
    FormsAuthentication.RedirectFromLoginPage("admin", false);
    }

    I tried to use several methods to pass and access the auth. cookie:
    - HttpContext.Current.User.Identity.IsAuthenticated (from the web service)
    - using the session state with [WebMethod(EnableSession=true)]
    - Creating and passing the GenericPrincipal explicitly.
    - Creating cookies explicitly and attaching them to the request.

    None of the methods work. IsAuthenticated is always false, and
    User.Identity.Name is empty.
    Oddly enough the session state in the web service is also wiped out. It
    seems like the AJAX call to the web service creates a new session! No wonder
    there is no auth. cookie attached.

    Question:
    How to pass the auth. cookie to the web service using the AJAX call?

    Any help would be greatly appreciated,

    Leszek
    Leszek, Dec 3, 2009
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Eric
    Replies:
    2
    Views:
    1,459
    Tommy
    Feb 13, 2004
  2. Not Me
    Replies:
    1
    Views:
    3,183
    Not Me
    Jun 5, 2007
  3. Eric
    Replies:
    2
    Views:
    501
  4. Replies:
    1
    Views:
    233
    Joe Kaplan \(MVP - ADSI\)
    Jun 14, 2006
  5. Replies:
    3
    Views:
    366
Loading...

Share This Page