ASP.NET WebMethod that works both with and without a Session

Question

I am making a ASP.NET web page in C#. I'm finding that if the web page is left alone for a short period of time, I start getting 401 Unauthorized Errors whenever the page attempts to call a WebMethod. I think this is probably caused by the Session timing out.

I only make use of the Session for a short time when the user first enters this page, when I am doing some backend caching and using the Session to keep track. At that time the page is hitting the backend continuously for updates, which would be refreshing the Session. Once this is finished I no longer need any Session state.

Is it possible to have a WebMethod that works without requiring a session state, but it able to find and access it if it one exists? Or if it created an empty session automatically when the WebMethod was called, this would also be fine.

Thanks!

Answer 1

apart from the ans given by @Jupaol
you can easily use Location element of web config with something like this

<configuration>
   <location path="Url_To_WebMethod">
      <system.web>
         <authorization>
            <allow users="*"/>
         </authorization>
      </system.web>
   </location>
</configuration>

this would remove the need of authentication from your web method and then you would be able to use it without requiring any auth cookie

Answer 2

Well if my understanding is correct, you should place your Web Service in a sub-folder and configure it to allow anonymous users:

Your typical root web.config would look like:

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login.aspx" timeout="2880">
  </forms>
</authentication>
<authorization>
  <deny users="*"/>
</authorization>

In the sub-folder, create a new web.config file and override the authorization settings:

<?xml version="1.0"?>
<configuration>
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
</configuration>