First off, I am only now familiar with the issues with regard to Authorization and JSON services. See:
How to manage a redirect request after a jQuery Ajax call.
My situation:
I have an admin directory, with its own “admin” directory, denying unauthenticated users:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
Within this directory is my main page and two Http Handlers which I’m using for uploading files and what not. Now, while I’ve got code to handle the situation when a user is unauthorized when the handler is accessed via GET or POST, it seems the handler is never executed, and the GETs/POSTs get redirected to the login page. I suppose this is all well and good, but I’d really like the http handlers themselves to handle the issue and handle it differently (at least give something like a 401 code instead of redirecting).
It seems like it should be fairly easy (and I bet it probably is easy) to poke holes to allow the HTTP handlers to handle their own security, but I’m kinda at my wit’s end here, so I was hoping somebody would kindly show me how I need to modify the web config to allow those services to handle their own authorization. Thanks!
Have you tried specifying for each one?
Be careful. Order matters. So least restrictive to most restrictive top to bottom.
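One way to exempt individual handlers from the directory-wide rule is a `<location>` element per handler in the admin directory's web.config. This is an added example, not code from the original posts; the handler file names `Upload.ashx` and `Files.ashx` are hypothetical.

```xml
<?xml version="1.0" encoding="utf-8" ?>
<!-- Added example: web.config in the admin directory. Handler names are hypothetical. -->
<configuration>

  <!-- Directory-wide rule: anonymous users ("?") are denied, so requests
       from them are redirected to the login page before any page or
       handler code runs. -->
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Per-handler override. The path is relative to this web.config.
       Rules are evaluated top to bottom and the first match wins; rules
       in a more specific <location> are checked before inherited ones,
       so this allow is matched before the directory-wide deny. -->
  <location path="Upload.ashx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <location path="Files.ashx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- With these overrides URL authorization no longer protects the two
       handlers. Each handler must check the caller itself on every
       request and return 401 when the caller is not authenticated. -->
</configuration>
```

Under Forms Authentication a 401 set by the handler is still turned into a login redirect unless the handler also sets `Response.SuppressFormsAuthenticationRedirect = true` (available from .NET 4.5).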