Created anonymous webservice with method POST return code 403
hi,
I'm following the guide to create an anonymous webservice, the GET method works perfectly but when i switch the verb to POST the system returns 403 forbidden.
The site is purposely rejecting a well formed request. Is there a way arround tthis? I tried various settings on the .config files but nothing helped.
I need the method to be POST, the site i'm integrating with only allows that.
Regards,
Luciano
Like
well, just leaving for the next one that has the problem.
How to resolve 403 on anonymous POST WS:
1) Edit [Install path]\Web.config
2) Lookup appSetting for key: DisableCsrfTokenValidationForPaths
3) Append at the end of the line the path to the .svc/functio: "[previous_values],0/ServiceModel/[service_created].svc/[Method]"
Example:
<add key="DisableCsrfTokenValidationForPaths" value="/AuthService.svc/SsoLogin,AuthService.svc/Login,0/ServiceModel/[service_name].svc/[service_method]" />
Can this be applied on the bpm hosted instances?
well, just leaving for the next one that has the problem.
How to resolve 403 on anonymous POST WS:
1) Edit [Install path]\Web.config
2) Lookup appSetting for key: DisableCsrfTokenValidationForPaths
3) Append at the end of the line the path to the .svc/functio: "[previous_values],0/ServiceModel/[service_created].svc/[Method]"
Example:
<add key="DisableCsrfTokenValidationForPaths" value="/AuthService.svc/SsoLogin,AuthService.svc/Login,0/ServiceModel/[service_name].svc/[service_method]" />
Can this be applied on the bpm hosted instances?
Try to check how the GeneratedObjectWebFormService registered. It works with post and it seems like it doesn't require disabling CSRF.