
How to disable web-service cookie authentication

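Let's suppose you have created a new web service, UsrCustomService.svc, and you need to disable cookie authentication for it. After these changes the service accepts requests from unauthenticated callers, so the service code itself must validate every request. Here is the list of changes to be made: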

Make changes to the site folder

  • In folder \Terrasoft.WebApp\ServiceModel\ create file UsrCustomService.svc with text:
<%@ ServiceHost Language="C#" Debug="true" Service="Terrasoft.Configuration.UsrCustomService" %>

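Important! Specify the full service name, including the namespace. Note that Debug="true" compiles the service with debug symbols; set it to false for a production deployment.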

  • In file \Terrasoft.WebApp\ServiceModel\http\services.config and \Terrasoft.WebApp\ServiceModel\https\services.config add section:
<!-- Registers the service with WCF. "name" and "contract" both carry the fully qualified
     class name, the same value used in the Service attribute of UsrCustomService.svc. -->
<service name="Terrasoft.Configuration.UsrCustomService">
    <!-- webHttpBinding exposes the contract as plain HTTP (REST-style) operations.
         "RestServiceBehavior" is only referenced here; it is expected to be defined elsewhere
         in the service model configuration.
         NOTE(review): this section goes into both the http and the https services.config;
         whether the http variant is reachable in production depends on the site setup — confirm. -->
    <endpoint name="UsrCustomServiceEndPoint"
        address=""
        binding="webHttpBinding"
        behaviorConfiguration="RestServiceBehavior"
        bindingNamespace="http://Terrasoft.WebApp.ServiceModel"
        contract="Terrasoft.Configuration.UsrCustomService" />
</service>
  • In the file \Terrasoft.WebApp\Web.config, in the <appSettings> section, append ;ServiceModel/UsrCustomService.svc to the value of the AllowedLocations key, and add the following section inside the <configuration> section:
<!-- Per-path override: the settings below apply only to requests for this service URL. -->
<location path="ServiceModel/UsrCustomService.svc">
  <system.web>
    <authorization>
      <!-- users="*" matches every user, anonymous ones included, so ASP.NET URL authorization
           no longer protects this path. Access control is whatever the service code enforces. -->
      <allow users="*" />
    </authorization>
    <!-- requestValidationMode="2.0" restores the ASP.NET 2.0 behaviour in which request validation
         runs only for pages and honours validateRequest. executionTimeout is given in seconds:
         28800 s = 8 hours.
         NOTE(review): 8 hours is a long execution window for an endpoint that accepts
         unauthenticated requests; confirm the service really needs it. -->
    <httpRuntime requestValidationMode="2.0" executionTimeout="28800" /><!--For incoming message in 'Raw' format-->
    <!-- validateRequest="false" switches off ASP.NET's built-in request validation for this path,
         so the service has to validate and encode request data itself. -->
    <pages validateRequest="false" />
  </system.web>
</location>

Examples of different requests

UsrCustomService.cs

namespace Terrasoft.Configuration
{
    using System;
    using System.IO;
    using System.Linq;
    using System.Net;
    using System.Text;
    using System.Web;
    using System.Collections.Generic;
    using System.Collections.ObjectModel;
    using System.Collections.Specialized;
    using System.Runtime.Serialization;
    using System.ServiceModel;
    using System.ServiceModel.Web;
    using System.ServiceModel.Activation;
    using Terrasoft.Common;
    using Terrasoft.Core;
 
    #region Class: UsrCustomService
 
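    /// <summary>
    /// Example REST-style WCF service with one OPTIONS (CORS preflight) operation and three
    /// request templates: form-encoded POST, JSON POST and GET.
    /// </summary>
    /// <remarks>
    /// The service is meant to be reachable without cookie authentication, so every operation
    /// must treat its input as untrusted. When a request carries no session-bound connection,
    /// <see cref="UserConnection"/> falls back to the application's system user connection;
    /// code added in the TODO sections then runs under that connection for any caller.
    /// </remarks>
    [ServiceContract]
    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
    public class UsrCustomService {

        #region Constructors

        /// <summary>
        /// Default constructor; the HTTP context and the user connection are resolved lazily.
        /// </summary>
        public UsrCustomService() {
        }

        /// <summary>
        /// Creates the service with an explicit HTTP context and user connection.
        /// </summary>
        /// <param name="httpContext">HTTP context to use instead of <c>HttpContext.Current</c>.</param>
        /// <param name="userConnection">User connection to use instead of the session or system one.</param>
        public UsrCustomService(HttpContextBase httpContext, UserConnection userConnection) {
            _httpContext = httpContext;
            _userConnection = userConnection;
        }

        #endregion

        #region Properties: Protected

        // Size, in characters, of the buffer used to read the request body.
        private const int StreamReaderBufferSize = 65536;

        private HttpContextBase _httpContext;

        /// <summary>
        /// HTTP context of the current request; wraps <c>HttpContext.Current</c> on first use
        /// when none was supplied through the constructor.
        /// </summary>
        protected virtual HttpContextBase CurrentHttpContext {
            get { return _httpContext ?? (_httpContext = new HttpContextWrapper(HttpContext.Current)); }
        }

        private UserConnection _userConnection;

        /// <summary>
        /// User connection for the request. Resolution order: the constructor-supplied value,
        /// the "UserConnection" session entry, then the SystemUserConnection of the
        /// application-level "AppConnection". Returns null when none of them is available.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the last fallback hands the system user connection to a caller that has
        /// no session. Presumably that connection is not limited by an individual user's access
        /// rights (confirm), so operations should expose only the minimum they need.
        /// </remarks>
        protected UserConnection UserConnection {
            get {
                if (_userConnection != null) {
                    return _userConnection;
                }
                // Session can be absent; guard it instead of failing with a NullReferenceException.
                var session = CurrentHttpContext.Session;
                if (session != null) {
                    _userConnection = session["UserConnection"] as UserConnection;
                    if (_userConnection != null) {
                        return _userConnection;
                    }
                }
                var appConnection = (AppConnection)CurrentHttpContext.Application["AppConnection"];
                if (appConnection == null) {
                    // Callers already handle a null connection by returning Success = false.
                    return null;
                }
                _userConnection = appConnection.SystemUserConnection;
                return _userConnection;
            }
        }
        #endregion

        #region Methods: Private

        /// <summary>
        /// Adds the CORS headers for a preflight (OPTIONS) response: any origin, the GET and POST
        /// methods, and the Content-Type and Accept request headers.
        /// </summary>
        private void SetOptionsCORS() {
            // A wildcard origin lets a script on any site call the service and read the response.
            // Restrict it to known origins if the responses are not meant to be public.
            CurrentHttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");
            CurrentHttpContext.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST");
            CurrentHttpContext.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
        }

        /// <summary>
        /// Adds the Access-Control-Allow-Origin header (any origin) to the current response.
        /// </summary>
        private void SetHeaderCORS() {
            // Browsers do not expose a response to a credentialed cross-origin request when the
            // allowed origin is the wildcard.
            CurrentHttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");
        }

        /// <summary>
        /// Reads the whole request body as text and parses it as a URL-encoded query string.
        /// </summary>
        /// <param name="stream">Request body stream; it is disposed together with the reader.</param>
        /// <returns>The decoded name/value pairs.</returns>
        private NameValueCollection ParseQueryParameters(Stream stream) {
            // NOTE(review): no size limit is applied here; the body is bounded only by whatever
            // request-length limit the host enforces. Confirm that limit suits an endpoint that
            // accepts unauthenticated requests.
            var rawPostData = new StringBuilder();
            char[] buffer = new char[StreamReaderBufferSize];
            int readLength;
            using (StreamReader streamReader = new StreamReader(stream)) {
                while ((readLength = streamReader.ReadBlock(buffer, 0, buffer.Length)) > 0) {
                    // Append only the characters actually read; no intermediate array copy needed.
                    rawPostData.Append(buffer, 0, readLength);
                }
            }
            return HttpUtility.ParseQueryString(rawPostData.ToString(), Encoding.UTF8);
        }

        #endregion

        #region Methods: Public

        /// <summary>
        /// Answers OPTIONS requests for any URI under the service with the CORS preflight headers.
        /// </summary>
        [OperationContract]
        [WebInvoke(Method = "OPTIONS", UriTemplate = "*")]
        public void GetWebRequestOptions() {
            SetOptionsCORS();
        }

        #region POST: Content-Type: "application/x-www-form-urlencoded"

        /// <summary>
        /// Template for a POST operation that receives a form-encoded body.
        /// </summary>
        /// <param name="stream">Raw request body.</param>
        /// <returns>Response object serialized as JSON; Success is false when no user connection
        /// or body is available.</returns>
        [OperationContract]
        [WebInvoke(Method = "POST", UriTemplate = "UsrFormRequest", ResponseFormat = WebMessageFormat.Json)]
        public ConfigurationServiceResponse UsrFormRequest(Stream stream) {
            SetHeaderCORS();
            ConfigurationServiceResponse response = new ConfigurationServiceResponse();
            if (UserConnection == null || stream == null) {
                response.Success = false;
                return response;
            }
            try {
                // Every value in queryParameters comes from the caller: validate before use.
                NameValueCollection queryParameters = ParseQueryParameters(stream);
                // TODO: your code here
            } catch (Exception e) {
                // NOTE(review): depending on how ConfigurationServiceResponse serializes it, this may
                // return exception detail to an unauthenticated caller; consider logging it on the
                // server and returning a generic failure. Also confirm that assigning Exception
                // marks the response as failed, since Success is not set here.
                response.Exception = e;
            }
            return response;
        }

        #endregion

        #region POST: Content-Type: "application/json"

        /// <summary>
        /// Template for a POST operation that receives a JSON body deserialized into
        /// <see cref="JsonDataRequest"/>.
        /// </summary>
        /// <param name="request">Deserialized request body.</param>
        /// <returns>Response object serialized as JSON; Success is false when no user connection
        /// or request is available.</returns>
        [OperationContract]
        [WebInvoke(Method = "POST", UriTemplate = "UsrJsonRequest",
            RequestFormat = WebMessageFormat.Json, ResponseFormat = WebMessageFormat.Json)]
        public ConfigurationServiceResponse UsrJsonRequest(JsonDataRequest request) {
            SetHeaderCORS();
            ConfigurationServiceResponse response = new ConfigurationServiceResponse();
            if (UserConnection == null || request == null) {
                response.Success = false;
                return response;
            }
            try {
                // The members of request come from the caller: validate before use.
                // TODO: your code here
            } catch (Exception e) {
                // NOTE(review): may return exception detail to an unauthenticated caller, depending
                // on how ConfigurationServiceResponse serializes it; confirm.
                response.Exception = e;
            }
            return response;
        }

        #endregion

        #region GET

        /// <summary>
        /// Template for a GET operation that takes one URI segment as its argument.
        /// </summary>
        /// <param name="request">Value of the {request} segment of the URI.</param>
        /// <returns>Response object serialized as JSON; Success is false when no user connection
        /// is available or the segment is empty.</returns>
        [OperationContract]
        [WebInvoke(Method = "GET", UriTemplate = "UsrGetRequest/{request}/", ResponseFormat = WebMessageFormat.Json)]
        public ConfigurationServiceResponse UsrGetRequest(string request) {
            SetHeaderCORS();
            ConfigurationServiceResponse response = new ConfigurationServiceResponse();
            if (UserConnection == null || string.IsNullOrEmpty(request)) {
                response.Success = false;
                return response;
            }
            try {
                // The request value comes from the URL: validate before use.
                // TODO: your code here
            } catch (Exception e) {
                // NOTE(review): may return exception detail to an unauthenticated caller, depending
                // on how ConfigurationServiceResponse serializes it; confirm.
                response.Exception = e;
            }
            return response;
        }

        #endregion

        #endregion

    }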
 
    #endregion
 
    #region Class: JsonDataRequest (Example)
 
    /// <summary>
    /// Example data contract for the JSON body accepted by UsrJsonRequest.
    /// Both members are supplied by the caller and must be validated before use.
    /// </summary>
    [DataContract]
    public class JsonDataRequest {

        /// <summary>Value of the "first_name" member of the JSON body.</summary>
        [DataMember(Name = "first_name")]
        public string FirstName { get; set; }

        /// <summary>Value of the "last_name" member of the JSON body.</summary>
        [DataMember(Name = "last_name")]
        public string LastName { get; set; }

    }
 
    #endregion
 
}

 


2 comments

I have a problem with CORS with cookies value "samesite". How I can fix it?

Dear Nataliia,

Please see the article below on how to deal with CORS: 

https://community.creatio.com/articles/web-service-available-without-authorization-cors
