Question

Authenticate custom web service

Hello all. I have created a custom web service that works perfectly with Postman, but I have to authenticate and set the cookie. I need my custom web service to work from a callback from an external application, almost like a webhook.

So I have a URL that has a callback URL in it from this other application. That app is not authenticated, so I get method not allowed. Are there other ways to auth? Like with an API key in the callback link? It is a POST web service.

Thank you


Hello,

 

You need to either redesign the web service to be anonymous on the Creatio side, so your third-party app can perform requests to it without authentication, or develop authentication to the Creatio app in your third-party application logic (using AuthService.svc; an example of the logic can be found here).

 

Best regards,

Oscar

Can you set up anonymous access with a cloud instance?

keith schmitt,

 

Yes we can. Simply email us at support@creatio.com, provide us with the name of the app for which changes should be applied in the Web.config and services.config files, provide us with the complete instruction regarding these changes and with the .svc file itself.

 

Best regards,
Oscar

Thank you !!!

Oscar Dylan,

So I followed the demo and it works with auth but not without? Is there something else I am missing? Are there some IIS settings?

keith schmitt,

 

Can you please explain in detail what exactly is not working?

Oscar Dylan,

The service works great when authenticated but does not work at all if not authenticated, both through a web browser and through Postman.

 

 

HTTP Error 401.1 - Unauthorized

You do not have permission to view this directory or page using the credentials that you supplied.

keith schmitt,

 

You mean that you've performed the setup of the service according to the article I sent previously and when you perform calls to the endpoint you receive the "Unauthorized" error?

Yes, that is correct. I am using that exact code with no changes. I altered the other files as stated in there. I have restarted IIS, restarted with Clio, and I still get Unauthorized unless I pass a valid cookie.

Just tried again on a fresh install and I am having the same thing. I even downloaded the sample and installed that as an application. Any ideas?

keith schmitt,

 

I can only recommend double-checking the setup, since the same configuration as on the Academy works properly on my side with both Postman and a browser, and I don't send the session cookie in my request headers:

It mostly seems that the problem is somewhere in the Web.config setup of locations and allowed locations, since they are responsible for the service anonymization.

I see you still have to send a username cookie? Any way around that? I am not able to add a cookie with the callback URL.

keith schmitt,

 

Actually I simply didn't delete it when sending the previous request. Here is the request without any cookie, for example:

Thank you for all of your help. I feel like I am close. This is odd. Now it just redirects to the login page. Have you seen that before?

keith schmitt,

 

Please double-check all the settings of the web service. First of all, try creating a service that is identical to the one described in the Academy example (perform the manual setup, but not using the package from the article). It should also work on your side since it correctly works on my end.

Thank you, I have done it both ways on 2 different environments. Still the same results. I have copied and pasted all changes per the doc. Restarted Clio, IIS and cleared cache.

keith schmitt,

 

OK, please provide the Web.config file, services.config file, .svc file and the code of the service class from the configurations directly. I will use the same files in my app to see what happens.

Very kind of you, thank you. See below:

Web.config

<location path="ServiceModel/UsrAnonymousConfigurationService.svc">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>
 
and     <add key="AllowedLocations" value="api/HealthCheck/Ping;ServiceModel/MsgUtilService.svc;Nui/Feedback.aspx;Nui/UserManagement.aspx;ServiceModel/GeneratedWebFormService.svc;ServiceModel/ExchangeListenerService.svc;ServiceModel/IndexingConfigService.svc;ServiceModel/ReportCallbackService.svc;TestTools/Tests.aspx;TestTools/Tests.Debug.aspx;TestTools/Tests.Release.aspx;ServiceModel/TestDataService.svc;ServiceModel/CaseRatingManagementService.svc;ServiceModel/MandrillService.svc;ServiceModel/EventTrackingService.svc;TestTools/UnitTests.aspx;ServiceModel/ScoringService.svc;ServiceModel/CESWebHooksService.svc;ServiceModel/CESTroubleshootingService.svc;ServiceModel/GeneratedObjectWebFormService.svc;ServiceModel/BsoJivosite.svc;ServiceModel/BsoTilda.svc;ServiceModel/DocumentsService.svc;ServiceModel/PtOauthService.svc;ServiceModel/AletMangoCloudConnector.svc;ServiceModel/ScriptDesignerService.svc;ServiceModel/FacebookWebhookService.svc;Features.aspx;ServiceModel/OpChatraWebhook.svc;ServiceModel/OPMyCallsUtils.svc;/ServiceModel/ServiceOAuthAuthenticatorEndpoint.svc;ServiceModel/MobileMetadataService.svc;ServiceModel/OmnichannelMessagingService.svc;ServiceModel/FacebookOmnichannelMessagingService.svc;ServiceModel/WhatsAppOmnichannelMessagingService.svc;ServiceModel/TelegramOmnichannelMessagingService.svc;ServiceModel/TrcEmailTrackingService.svc;ServiceModel/SocialLeadGenWebhookService.svc;ServiceModel/TotpSendResetPasswordLinkService.svc;ServiceModel/TotpResetPasswordService.svc;ServiceModel/AlmUserService.svc;ServiceModel/UsrAnonymousConfigurationService.svc" />

services.config (both http and https) only using http

<service name="Terrasoft.Configuration.UsrAnonymousConfigurationServiceNamespace.UsrAnonymousConfigurationService">
    <endpoint name="UsrAnonymousConfigurationServiceEndPoint"
        address=""
        binding="webHttpBinding"
        behaviorConfiguration="RestServiceBehavior"
        bindingNamespace="http://Terrasoft.WebApp.ServiceModel"
        contract="Terrasoft.Configuration.UsrAnonymousConfigurationServiceNamespace.UsrAnonymousConfigurationService" />
</service>

UsrAnonymousConfigurationService.svc

<% @ServiceHost
    Service = "Terrasoft.Configuration.UsrAnonymousConfigurationServiceNamespace.UsrAnonymousConfigurationService"
    Debug = "true"
    Language = "C#"
%>

UsrAnonymousConfigurationService.cs

/* The custom namespace. */
namespace Terrasoft.Configuration.UsrAnonymousConfigurationServiceNamespace
{
    using System;
    using System.ServiceModel;
    using System.ServiceModel.Web;
    using System.ServiceModel.Activation;
    using Terrasoft.Core;
    using Terrasoft.Web.Common;
    using Terrasoft.Core.Entities;
 
    [ServiceContract]
    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
    public class UsrAnonymousConfigurationService : BaseService
    {
        /* The link to the UserConnection instance required to access the database. */
        private SystemUserConnection _systemUserConnection;
        private SystemUserConnection SystemUserConnection
        {
            get
            {
                return _systemUserConnection ?? (_systemUserConnection = (SystemUserConnection)AppConnection.SystemUserConnection);
            }
        }
 
        /* The method that returns the contact ID by the contact name. */
        [OperationContract]
        [WebInvoke(Method = "GET", RequestFormat = WebMessageFormat.Json, BodyStyle = WebMessageBodyStyle.Wrapped,
        ResponseFormat = WebMessageFormat.Json)]
        public string GetContactIdByName(string Name)
        {
            /* Specify the user on whose behalf to process the HTTP request. */
            SessionHelper.SpecifyWebOperationIdentity(HttpContextAccessor.GetInstance(), SystemUserConnection.CurrentUser);
            /* The default result. */
            var result = "";
            /* The EntitySchemaQuery instance that accesses the Contact database table. */
            var esq = new EntitySchemaQuery(SystemUserConnection.EntitySchemaManager, "Contact");
            /* Add columns to the query. */
            var colId = esq.AddColumn("Id");
            var colName = esq.AddColumn("Name");
            /* Filter the query data. */
            var esqFilter = esq.CreateFilterWithParameters(FilterComparisonType.Equal, "Name", Name);
            esq.Filters.Add(esqFilter);
            /* Retrieve the query results. */
            var entities = esq.GetEntityCollection(SystemUserConnection);
            /* If the service receives data. */
            if (entities.Count > 0)
            {
                /* Return the "Id" column value of the first query result record. */
                //result = entities[0].GetColumnValue(colId.Name).ToString();
                result = SystemUserConnection.CurrentUser.ToString();
                /* You can also use this option:
                result = entities[0].GetTypedColumnValue<string>(colId.Name); */
            }
            /* Return the results. */
            return result;
        }
    }
}

 

FYI, my final issue was that I was not using .svc in the URL... Thanks for all the help.
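
The thread names two places in Web.config that must agree for a service to answer without a session cookie (the `<location>` block and the `AllowedLocations` key), and the final fix was a request URL missing `.svc`. The script below is an added example, not code from the thread or from Creatio: it inventories which paths are open in each place and checks a request URL against them. The sample config is a constructed, shortened version of the posted fragments; `UsrOtherService.svc` and the host `creatio.example` are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample, cut down from the Web.config fragments posted in the thread.
# UsrOtherService.svc is hypothetical: opened in <location> but never whitelisted.
SAMPLE_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="AllowedLocations" value="api/HealthCheck/Ping;ServiceModel/MsgUtilService.svc;ServiceModel/UsrAnonymousConfigurationService.svc" />
  </appSettings>
  <location path="ServiceModel/UsrAnonymousConfigurationService.svc">
    <system.web><authorization><allow users="*" /></authorization></system.web>
  </location>
  <location path="ServiceModel/UsrOtherService.svc">
    <system.web><authorization><allow users="*" /></authorization></system.web>
  </location>
</configuration>"""

def _norm(path):
    # Assumption: compare case-insensitively and ignore a leading slash.
    return path.strip().lstrip("/").lower()

def audit_anonymous(web_config_xml):
    """Compare <location> blocks that allow users="*" with AllowedLocations."""
    root = ET.fromstring(web_config_xml)
    opened = {_norm(loc.get("path", "")) for loc in root.iter("location")
              if any(a.get("users") == "*" for a in loc.iter("allow"))}
    allowed = set()
    for add in root.iter("add"):
        if add.get("key") == "AllowedLocations":
            allowed |= {_norm(p) for p in add.get("value", "").split(";") if p.strip()}
    return {
        "anonymous": sorted(opened & allowed),      # set up in both places
        "location_only": sorted(opened - allowed),  # <location> without whitelist entry
        "allowed_only": sorted(allowed - opened),   # whitelist entry without <location>
    }

def url_targets_anonymous(url, anonymous_paths):
    """True if the URL path contains a configured path as whole segments."""
    path = urlsplit(url).path.lower() + "/"
    return any("/" + p + "/" in path for p in anonymous_paths)

if __name__ == "__main__":
    for bucket, paths in audit_anonymous(SAMPLE_WEB_CONFIG).items():
        print(f"{bucket}: {paths}")
```

Run against a real Web.config, the `anonymous` bucket is the list of endpoints reachable without authentication; since the posted service executes as the system user, that list is worth reviewing whenever the file changes.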
