403 - Forbidden when using POST on custom service

I created a custom service following this guide: https://academy.bpmonline.com/documents/technic-sdk/7-12/how-create-custom-configuration-service. The GET method works as expected, but when I created a POST endpoint, the only response I get is 403. Actually, sending a POST request to any endpoint ends up with this error. My class looks like this:

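using System.ServiceModel;            // ServiceContract, OperationContract
using System.ServiceModel.Activation; // AspNetCompatibilityRequirements
using System.ServiceModel.Web;        // WebInvoke, WebMessageFormat, WebMessageBodyStyle
using Terrasoft.Web.Common;           // BaseService

[ServiceContract]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class UsrCustomService: BaseService
{
	// POST endpoint: returns a constant, does not touch any object.
	[OperationContract]
	[WebInvoke(Method = "POST", RequestFormat = WebMessageFormat.Json, BodyStyle = WebMessageBodyStyle.Wrapped, ResponseFormat = WebMessageFormat.Json)]
	public bool PostTest()
	{
		return true;
	}

	// GET endpoint: returns a constant string.
	[OperationContract]
	[WebInvoke(Method = "GET", RequestFormat = WebMessageFormat.Json, BodyStyle = WebMessageBodyStyle.Wrapped, ResponseFormat = WebMessageFormat.Json)]
	public string GetTest()
	{
		return "Hello world";
	}
}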

Do you know how I can fix it?

7 comments

Dear Carlos,

This error indicates that you are forbidden to insert into the object. This usually happens when the user whose login details you are using to connect does not have rights to write to the indicated object.

Please double check the rights for the object per user you are authenticating with.

Regards,

Anastasia

Anastasia Botezat,

Hm, I'm not inserting into any objects here, the service just returns constant values (for now). I'm also authenticating with the Supervisor account.

Carlos,

Please check the CSRF header in your request. Probably, you don't pass the CSRF cookie and therefore get the error - https://academy.bpmonline.com/documents/technic-sdk/7-12/protection-csrf-attacks-during-integration-bpmonline

If this doesn't help, please contact our support at support@bpmonline.com, since it's hard to say what's wrong with the request as we don't see the request body and the request headers. Please use Fiddler as a proxy and send us the full text of the request from Fiddler. This way we will be able to find the cause of the issue.

Regards,

Anastasia

Carlos Zaldivar Batista,

How are you calling the configuration service? Is it from within a client schema or externally, using code or something like Postman?

Ryan 

Ryan Farley,

Postman. And before making a request to UsrCustomService I first make a request to /ServiceModel/AuthService.svc/Login to obtain authentication cookies.

Carlos Zaldivar Batista,

Are you also copying the contents of the BPMCSRF cookie on the call to AuthService.svc/Login to the CSRF header for the request to the config service?

This article in the academy outlines the steps for making this call via Postman: https://academy.bpmonline.com/documents/technic-sdk/7-13/how-call-confi…

Ryan Farley,

Nope, that's what I was missing. Thanks!
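
The fix reached in this thread, as an added example that is not part of the original posts or the vendor's code: a client logs in, keeps the cookies, and sends the same POST once with cookies only and once with the BPMCSRF cookie value copied into a request header. The local mock server, the `SessionId` cookie, the token values, the `/0/rest/UsrCustomService/PostTest` route and the header name `BPMCSRF` are assumptions made so that the example runs offline.

```python
import threading, urllib.error, urllib.request
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

LOGIN = "/ServiceModel/AuthService.svc/Login"   # login path from the thread
SERVICE = "/0/rest/UsrCustomService/PostTest"   # assumed route of the custom service
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # bypass proxies

class MockApp(BaseHTTPRequestHandler):
    """Constructed stand-in for the server: a POST needs header == BPMCSRF cookie."""
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        cookie = SimpleCookie(self.headers.get("Cookie", "")).get("BPMCSRF")
        login = self.path == LOGIN
        ok = login or (cookie is not None and self.headers.get("BPMCSRF") == cookie.value)
        self.send_response(200 if ok else 403)
        if login:  # constructed cookie values
            self.send_header("Set-Cookie", "SessionId=constructed-session; HttpOnly")
            self.send_header("Set-Cookie", "BPMCSRF=constructed-token")
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args): pass  # keep the demo quiet

def post(url, jar=None, csrf=None):
    headers = {"Content-Type": "application/json"}
    if jar:
        headers["Cookie"] = "; ".join(f"{k}={m.value}" for k, m in jar.items())
    if csrf:
        headers["BPMCSRF"] = csrf  # token copied from the cookie of the same name
    req = urllib.request.Request(url, data=b"{}", headers=headers, method="POST")
    try:
        with OPENER.open(req) as resp:
            return resp.status, resp.headers.get_all("Set-Cookie") or []
    except urllib.error.HTTPError as err:
        return err.code, []

def demo():
    server = HTTPServer(("127.0.0.1", 0), MockApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    jar = SimpleCookie()
    for line in post(base + LOGIN)[1]:      # collect cookies set by the login call
        jar.load(line)
    cookies_only = post(base + SERVICE, jar)[0]
    with_header = post(base + SERVICE, jar, jar["BPMCSRF"].value)[0]
    server.shutdown()
    return cookies_only, with_header

if __name__ == "__main__":
    print(demo())
```

In Postman the equivalent is to read the BPMCSRF cookie from the Login response and add it as a header on the service request, alongside the cookies.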