Question

Created anonymous webservice with method POST return code 403

Hi,

I'm following the guide to create an anonymous webservice. The GET method works perfectly, but when I switch the verb to POST the system returns 403 Forbidden.

The site is purposely rejecting a well-formed request. Is there a way around this? I tried various settings in the .config files but nothing helped.

I need the method to be POST; the site I'm integrating with only allows that.

Regards,

Luciano

2 comments
Best reply

Well, just leaving this for the next one that has the problem.

How to resolve 403 on anonymous POST WS:

1) Edit [Install path]\Web.config

2) Look up the appSetting with key: DisableCsrfTokenValidationForPaths

3) Append at the end of the line the path to the .svc/function: "[previous_values],0/ServiceModel/[service_created].svc/[Method]"

Example:

    <add key="DisableCsrfTokenValidationForPaths" value="/AuthService.svc/SsoLogin,AuthService.svc/Login,0/ServiceModel/[service_name].svc/[service_method]" />

Can this be applied on the bpm hosted instances?

Try to check how the GeneratedObjectWebFormService is registered. It works with POST and it seems like it doesn't require disabling CSRF.
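
Each path appended to `DisableCsrfTokenValidationForPaths` in the best reply above is an endpoint that accepts POST requests without a CSRF token, so the list is worth reviewing after every edit. The Python sketch below is an added example, not code from the thread or from the product: it lists the exempt paths in a Web.config, reports any that are missing from a reviewed baseline, and builds the appended value from step 3 without duplicating entries. The service name `DemoAnonService`, the method `Submit` and the baseline are constructed for illustration.

```python
import xml.etree.ElementTree as ET

KEY = "DisableCsrfTokenValidationForPaths"  # appSettings key named in the best reply

# Constructed sample: minimal Web.config fragment; DemoAnonService/Submit is hypothetical.
SAMPLE = """<configuration>
  <appSettings>
    <add key="DisableCsrfTokenValidationForPaths"
         value="/AuthService.svc/SsoLogin,AuthService.svc/Login,0/ServiceModel/DemoAnonService.svc/Submit" />
  </appSettings>
</configuration>"""

def exempt_paths(xml_text):
    """Return every path for which CSRF token validation is switched off."""
    for node in ET.fromstring(xml_text).iter("add"):
        if node.get("key") == KEY:
            return [p.strip() for p in node.get("value", "").split(",") if p.strip()]
    return []  # key absent: nothing is exempt

def unapproved(xml_text, approved):
    """Exemptions present in the config but missing from the reviewed baseline."""
    known = set(approved)
    return [p for p in exempt_paths(xml_text) if p not in known]

def merged_value(xml_text, new_path):
    """Value for step 3: previous entries kept in order, new path added only once."""
    paths = exempt_paths(xml_text)
    if new_path not in paths:
        paths.append(new_path)
    return ",".join(paths)

if __name__ == "__main__":
    baseline = ["/AuthService.svc/SsoLogin", "AuthService.svc/Login"]  # constructed baseline
    print("exempt paths:", exempt_paths(SAMPLE))
    print("needs review:", unapproved(SAMPLE, baseline))
```

Running it against the real `[Install path]\Web.config` before and after a change shows exactly which endpoints lost CSRF validation, and only the single service method that must accept anonymous POSTs should appear as new.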
