Question

I am trying to configure the DataApi.svc service of DotNetOpenAuth to call my resources via HTTPS using AJAX.

I can call the service and hit the code-behind, but the OperationContext.Current.ServiceSecurityContext is not authenticated.

In IIS, I have "Anonymous authentication" set to "true".

In Fiddler I can see that the header is sent: Authorization: Bearer gAAAAMcRmG5vw3LykShq7cNOEGUACBiNtlVGxGYdSVfkkXjR-[truncated]

The interface is decorated like this:

[ServiceContract]
public interface IDataApi {

    [OperationContract, WebGet(UriTemplate = "/email", ResponseFormat = WebMessageFormat.Json)]
    string GetEmail();
}

And here is my config:

<bindings>
  <wsHttpBinding>
    <binding>
      <security mode="Transport">
        <transport clientCredentialType="None"/>
      </security>
    </binding>
  </wsHttpBinding>
  <webHttpBinding>
    <binding>
      <security mode="Transport">
        <transport clientCredentialType="None"/>
      </security>
    </binding>
  </webHttpBinding>
</bindings>

<behaviors>
  <serviceBehaviors>
    <behavior name="DataApiBehavior">
      <serviceDebug includeExceptionDetailInFaults="true" />
      <serviceMetadata httpsGetEnabled="true" />
    </behavior>
  </serviceBehaviors>
  <endpointBehaviors>
    <behavior name="DataApiWebBehavior">
      <webHttp />
    </behavior>
  </endpointBehaviors>
</behaviors>

<services>
  <service behaviorConfiguration="DataApiBehavior" name="OAuthResourceServer.DataApi">
    <endpoint address="" binding="wsHttpBinding" contract="OAuthResourceServer.Code.IDataApi" />
    <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
    <endpoint address="web" binding="webHttpBinding" contract="OAuthResourceServer.Code.IDataApi" behaviorConfiguration="DataApiWebBehavior">
    </endpoint>
  </service>
</services>

Any idea of what can be wrong?

Thanks!


Solution

I was missing the

 <serviceAuthorization serviceAuthorizationManagerType="OAuthResourceServer.Code.OAuthAuthorizationManager, OAuthResourceServer" principalPermissionMode="Custom" />

in the service behavior! Solved :)
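
The service behavior from the question with the missing element merged in, as an added example that is not part of the original answer. It reuses only the names shown on this page; what OAuthAuthorizationManager does internally is not shown here and is assumed to be the bearer-token check.

```xml
<serviceBehaviors>
  <behavior name="DataApiBehavior">
    <!-- Returns exception details to callers; helpful while debugging,
         normally switched off on a production endpoint. -->
    <serviceDebug includeExceptionDetailInFaults="true" />
    <serviceMetadata httpsGetEnabled="true" />

    <!-- serviceAuthorizationManagerType takes "Namespace.Type, Assembly".
         This is a service behavior, so it applies to every endpoint of
         OAuthResourceServer.DataApi (the wsHttpBinding endpoint and the
         "web" webHttpBinding endpoint alike).
         principalPermissionMode="Custom" tells WCF that the principal is
         supplied by custom code instead of Windows groups or ASP.NET roles.
         Assumption: the manager reads the Authorization: Bearer header,
         since IIS is set to anonymous and the bindings use
         clientCredentialType="None". -->
    <serviceAuthorization
        serviceAuthorizationManagerType="OAuthResourceServer.Code.OAuthAuthorizationManager, OAuthResourceServer"
        principalPermissionMode="Custom" />
  </behavior>
</serviceBehaviors>
```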

Licensed under: CC-BY-SA with attribution