I'm working on an MVC project where the we need to send an put a header on the dataservice's request for approval by the service. In order to avoid unauthorized visitor from using the service.
This is currently achieved like this:
context.SendingRequest2 += new EventHandler<SendingRequest2EventArgs>((s, e) => {
e.RequestMessage.SetHeader("Authorization", (applicationName + " " + applicationId));
});
And the service uses the void OnStartProcessingRequest(ProcessRequestArgs args) to check this towards some hardcoded values and throw new DataServiceException(401, "401 Unauthorized"); if the header is missing or incorrect.
The whole thing works perfectly on localhost. But when we upload the project to a test server, We experience that the service allows get, and create new operations, but NOT update.
Example: I start the website, and it shows all the lists, fully populated with data. I click a button to open up the create new window, fill out the form, and press save. No problem. I press one of the records, to open the Edit popup, and the popup is populated with the record's existing data.
But when i change something and press save, the window closes, the entire process of saving is called and runs smoothly until it comes to SaveChanges() when it's supposed to fire the SendingRequest2 event, and add the header.
I Created a lot of debugging logs and it turns out that the header is not added. (no idea why). So naturally the service rejects it.
My questions:
- What could be missing / wrong, since it works in localhost but not on a server.
- Is there another way that this could be done. Hoping of something simple and easy to implement.
Btw, for the time being we are running on .Net framework 4.5.2. Because we have a lot of legacy stuff that needs to be supported.
Edit Would it make a difference if I mention that its for a MVC5 project.
Here is the solution, For all of you out there, who have been googling for days and pulling hair out.
I found This article: Solution to the problem article
The problem is simply put, that the IIS is blocking Merge, Put and Delete requests, and thus making it impossible to save with authentication on the receiving end (server). It will not be a problem in localhost, since you never really leave your own machine.
So simply put, i added
result.UsePostTunneling = true;in the SendingRequest2 event before adding header. And woopty its working server side also.