Authenticate custom web service

Hello all. I have created a custom webservice that works perfectly with Postman. But have to Auth and set the cookie. I need my custom web service to work from a callback from an external application. Almost like a webhook. 


So I have a url that has a call back url in it from this other application. That app is not Authenticated so I get method not allowed. Are there other ways to auth? Like with an API key in the callback link?  It is a POST Web service.


Thank you

Like 0


Best reply

keith schmitt,


Yes we can. Simply email us at, provide us with the name of the app for which changes should be applied in the Web.config and services.config files, provide us with the complete instruction regarding these changes and with the .svc file itself.


Best regards,



You need to either redesign the webservice to be anonymous on the Creatio side so your third party app could perform request to it without authentication or you need to develop authentication to the Creatio app in your third party application logic (using AuthService.svc, example of the logic can be found here).


Best regards,


Can you setup anonymous access with a cloud instance?

keith schmitt,


Yes we can. Simply email us at, provide us with the name of the app for which changes should be applied in the Web.config and services.config files, provide us with the complete instruction regarding these changes and with the .svc file itself.


Best regards,

Thank you !!!

Oscar Dylan,

So I followed the demo and it works with Auth but not without?  Is there something else I am missing?  Is there some IIS settings?

keith schmitt,


Can you please explain in details what exactly is not working?

Oscar Dylan,

the service works great when authenticated but does not work at all if not authenticated. Both through web browser and through Postman 



HTTP Error 401.1 - Unauthorized

You do not have permission to view this directory or page using the credentials that you supplied.

keith schmitt,


You mean that you've performed the setup of the service according to the article I sent previously and when you perform calls to the endpoint you receive the "Unauthorized" error?

yes, that is correct. I am using that exact code with no changes. I altered the other files as stated in there. I have restarted IIS, restarted with Clio and I still get Unauthorized unless I pass a valid cookie.

Just tried again on a fresh install and I am having the same thing. I even downloaded the sample and installed that as a application. Any ideas?

keith schmitt,


I can only recommend double-check the setup since the same configuration as on the Academy works properly on my side either with Postman and browser and I don't send the session cookie in my request headers:

Mostly seems that the problem is somewhere in either Web.config setup of locations and allowed locations since they are responsible for the service anonymization.

I see you still have to send a username cookie?  Anyway around that?  I am not able to add a cookie with the call back URL.

keith schmitt,


Actually I simply didn't delete it when sending the previous request. Here is the request without any cookie, for example:

Thank you for all of your help.  I feel like I am close.  This is odd. Now it just redirects to the login page. Have you seen that before?

keith schmitt,


Please double-check all the settings of the webservice. First of all try creating the service that is identical to the one described in the Academy example (perform the manual setup, but not using the package from the article). It should also work on your side since it correctly works on my end.

Thank you I have done it both ways on 2 different environments. Still the same results. Have copied and pasted all changes per the doc. Restarted Clio, IIS and cleared Cache.  

keith schmitt,


OK, please provide the Web.config file, services.config file, .svc file and the code of the service class from the configurations directly. I will use the same files in my app to see what happens.

Very kind of you, Thank you. See Below:


  <location path="ServiceModel/UsrAnonymousConfigurationService.svc">
				<allow users="*" />
and     <add key="AllowedLocations" value="api/HealthCheck/Ping;ServiceModel/MsgUtilService.svc;Nui/Feedback.aspx;Nui/UserManagement.aspx;ServiceModel/GeneratedWebFormService.svc;ServiceModel/ExchangeListenerService.svc;ServiceModel/IndexingConfigService.svc;ServiceModel/ReportCallbackService.svc;TestTools/Tests.aspx;TestTools/Tests.Debug.aspx;TestTools/Tests.Release.aspx;ServiceModel/TestDataService.svc;ServiceModel/CaseRatingManagementService.svc;ServiceModel/MandrillService.svc;ServiceModel/EventTrackingService.svc;TestTools/UnitTests.aspx;ServiceModel/ScoringService.svc;ServiceModel/CESWebHooksService.svc;ServiceModel/CESTroubleshootingService.svc;ServiceModel/GeneratedObjectWebFormService.svc;ServiceModel/BsoJivosite.svc;ServiceModel/BsoTilda.svc;ServiceModel/DocumentsService.svc;ServiceModel/PtOauthService.svc;ServiceModel/AletMangoCloudConnector.svc;ServiceModel/ScriptDesignerService.svc;ServiceModel/FacebookWebhookService.svc;Features.aspx;ServiceModel/OpChatraWebhook.svc;ServiceModel/OPMyCallsUtils.svc;/ServiceModel/ServiceOAuthAuthenticatorEndpoint.svc;ServiceModel/MobileMetadataService.svc;ServiceModel/OmnichannelMessagingService.svc;ServiceModel/FacebookOmnichannelMessagingService.svc;ServiceModel/WhatsAppOmnichannelMessagingService.svc;ServiceModel/TelegramOmnichannelMessagingService.svc;ServiceModel/TrcEmailTrackingService.svc;ServiceModel/SocialLeadGenWebhookService.svc;ServiceModel/TotpSendResetPasswordLinkService.svc;ServiceModel/TotpResetPasswordService.svc;ServiceModel/AlmUserService.svc;ServiceModel/UsrAnonymousConfigurationService.svc" />

services.config (both http and https) only using http

	<service name="Terrasoft.Configuration.UsrAnonymousConfigurationServiceNamespace.UsrAnonymousConfigurationService">
		<endpoint name="UsrAnonymousConfigurationServiceEndPoint"
            contract="Terrasoft.Configuration.UsrAnonymousConfigurationServiceNamespace.UsrAnonymousConfigurationService" />


<% @ServiceHost
    Service = "Terrasoft.Configuration.UsrAnonymousConfigurationServiceNamespace.UsrAnonymousConfigurationService"
    Debug = "true"
    Language = "C#"


/* The custom namespace. */
namespace Terrasoft.Configuration.UsrAnonymousConfigurationServiceNamespace
    using System;
    using System.ServiceModel;
    using System.ServiceModel.Web;
    using System.ServiceModel.Activation;
    using Terrasoft.Core;
    using Terrasoft.Web.Common;
    using Terrasoft.Core.Entities;
    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
    public class UsrAnonymousConfigurationService : BaseService
        /* The link to the UserConnection instance required to access the database. */
        private SystemUserConnection _systemUserConnection;
        private SystemUserConnection SystemUserConnection
                return _systemUserConnection ?? (_systemUserConnection = (SystemUserConnection)AppConnection.SystemUserConnection);
        /* The method that returns the contact ID by the contact name. */
        [WebInvoke(Method = "GET", RequestFormat = WebMessageFormat.Json, BodyStyle = WebMessageBodyStyle.Wrapped,
        ResponseFormat = WebMessageFormat.Json)]
        public string GetContactIdByName(string Name)
            /* Specify the user on whose behalf to process the HTTP request. */
            SessionHelper.SpecifyWebOperationIdentity(HttpContextAccessor.GetInstance(), SystemUserConnection.CurrentUser);
            /* The default result. */
            var result = "";
            /* The EntitySchemaQuery instance that accesses the Contact database table. */
            var esq = new EntitySchemaQuery(SystemUserConnection.EntitySchemaManager, "Contact");
            /* Add columns to the query. */
            var colId = esq.AddColumn("Id");
            var colName = esq.AddColumn("Name");
            /* Filter the query data. */
            var esqFilter = esq.CreateFilterWithParameters(FilterComparisonType.Equal, "Name", Name);
            /* Retrieve the query results. */
            var entities = esq.GetEntityCollection(SystemUserConnection);
            /* If the service receives data. */
            if (entities.Count > 0)
                /* Return the "Id" column value of the first query result record. */
                //result = entities[0].GetColumnValue(colId.Name).ToString();
                result = SystemUserConnection.CurrentUser.ToString();
                /* You can also use this option:
                result = entities[0].GetTypedColumnValue<string>(colId.Name); */
            /* Return the results. */
            return result;


FYI, my final  issue was I as not using .svc in the url...  Thanks for all the help

keith schmitt,

Hi Keith, When you set up your anonymous web service, did you do so through the cloud? If so, did you need to contact support to register it? Like you, I have created a test web service and am following the document. Step 2 is to register to but from what I can see, Service Master is locked so I'm not sure how to create the SVC and register it.


Yes you will need to log a ticket with support to make the changes in those files, as they are not able to be changed by us end users for cloud instances.

keith schmitt,


Show all comments