OK, so whenever anyone hits our site who is not logged in, it pushes them to the login page and has them sign in, and then pushes them back to the page they attempted to access. I have been tasked to create a service (using ASHX) that returns reporting data via XML. This is all done; however, in order to access it you have to be logged in. Instead of logging in, I am going to have them pass a token through the query string to authenticate that it is a valid request. However, I am unsure how to go about bypassing the forced login. Is this too vague, or does anyone have any ideas? I suppose the last-ditch effort would be to create a totally separate site in IIS, but I would like to avoid that if possible.
One way to do it in the same site would be to have your service accessible anonymously, then do your own authentication inside the service against the token.
Edit:
To allow anonymous, add a section to your web.config that allows full access to a directory that contains your service. For example, your service is http://www.foo.com/Services/bar.asmx. Add this to your web.config where your other authorization sections are:
Then, in your service, authenticate your token you’ve passed in however you want to. If the authentication doesn’t pass, throw a SoapException. How to authenticate all depends on how you are currently authenticating in your login page.
Hope this helps.
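Added example, not part of the original answer: a sketch of the approach described above for the asker's ASHX case, with the anonymous-access `location` section shown as a comment and the token check done inside the handler. The handler name `ReportHandler`, the `token` query-string parameter, the `ReportServiceToken` appSettings key and the use of a single shared secret are all assumptions.

```csharp
// web.config fragment (shown as a comment), placed beside the other authorization
// sections; "Services" is the directory from the answer's example URL:
//   <location path="Services">
//     <system.web>
//       <authorization><allow users="*" /></authorization>
//     </system.web>
//   </location>
using System;
using System.Configuration;
using System.Security.Cryptography;
using System.Text;
using System.Web;

// Hypothetical handler; the names below are assumptions, not from the thread.
public class ReportHandler : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        string expected = ConfigurationManager.AppSettings["ReportServiceToken"];
        string supplied = context.Request.QueryString["token"];

        // Fail closed: an unset secret must never match an empty or missing token.
        if (string.IsNullOrEmpty(expected) || string.IsNullOrEmpty(supplied)
            || !FixedTimeEquals(expected, supplied))
        {
            // 403 rather than 401: forms authentication turns a 401 into a
            // redirect to the login page, which is what the service must avoid.
            context.Response.StatusCode = 403;
            return;
        }

        context.Response.ContentType = "text/xml";
        context.Response.Write("<report />"); // placeholder for the real report XML
    }

    // Compare SHA-256 digests so the loop length and timing do not depend on
    // how many leading characters of the supplied token are correct.
    private static bool FixedTimeEquals(string a, string b)
    {
        using (SHA256 sha = SHA256.Create())
        {
            byte[] ha = sha.ComputeHash(Encoding.UTF8.GetBytes(a));
            byte[] hb = sha.ComputeHash(Encoding.UTF8.GetBytes(b));
            int diff = 0;
            for (int i = 0; i < ha.Length; i++) diff |= ha[i] ^ hb[i];
            return diff == 0;
        }
    }
}
```

Because the token travels in the query string, it is recorded in IIS request logs and proxy logs, so the endpoint should be served over HTTPS only and the token rotated like any other credential.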