ASP.NET Calling WebMethod with jQuery AJAX "401 (Unauthorized)"

Question

Been stuck with this for hours

{"Message":"Authentication failed.","StackTrace":null,"ExceptionType":"System.InvalidOperationException"}

I'm trying to call this WebMethod in my ASP.Net Webform

[WebMethod]
public static string GetClients(string searchTerm, int pageIndex)
{
    string query = "[GetClients_Pager]";
    SqlCommand cmd = new SqlCommand(query);
    cmd.CommandType = CommandType.StoredProcedure;
    cmd.Parameters.AddWithValue("@SearchTerm", searchTerm);
    cmd.Parameters.AddWithValue("@PageIndex", pageIndex);
    cmd.Parameters.AddWithValue("@PageSize", PageSize);
    cmd.Parameters.Add("@RecordCount", SqlDbType.Int, 4).Direction = ParameterDirection.Output;
    return GetData(cmd, pageIndex).GetXml();
}

From this jquery.ajax

function GetClients(pageIndex) {
    $.ajax({
        type: "POST",
        url: "ConsultaPedidos.aspx/GetClients",
        data: '{searchTerm: "' + SearchTerm() + '", pageIndex: ' + pageIndex + '}',
        contentType: "application/json; charset=utf-8",
        dataType: "json",
        success: OnSuccess,
        failure: function (response) {
            alert(response.d);
            },
            error: function (response) {
                alert(response.d);
            }
    });
}

But I always get this error:

POST http://localhost:64365/ConsultaPedidos.aspx/GetClients 401 (Unauthorized)

Weird thing is that this used to work until I start authenticating users

<system.web>
...
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="2880" defaultUrl="/Dashboard" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
...
</system.web>

Any ideas?

Answer 1

For me, I had an invalid "data:" parameter in my JQuery Ajax call. But rather than either .NET or JQuery complaining about the the parameter values, I was (misleadingly in my opinion) getting the 401 Unauthorized error.

Answer 2

To allow this Web Service to be called from script, using ASP.NET AJAX. Add the following attribute to the class

[System.Web.Script.Services.ScriptService]

I faced similar issue and the adding this attribute resolved it.

Answer 3

You have to comment out only in ~/App_Start/RouteConfig.cs

  // settings.AutoRedirectMode = RedirectMode.Permanent;

             (Or do this)

    settings.AutoRedirectMode = RedirectMode.Off;

There is nothing to do with Authentication in Web.config file.

Answer 4

In my case the problem was in URL that calls Ajax.asmx this URL was not correct according to a webserver setup, e.g. "/qa/Handlers/AjaxLib.asmx/" worked for me instead of "/Handlers/AjaxLib.asmx/" (works fine on PROD servers in my particular situation):

  $.ajax({
  url: '/qa/Handlers/AjaxLib.asmx/' + action,
  type: "POST",
  async: false,
  data: data,
  contentType: "application/json; charset=utf-8",
  success: function () {

My AJAX was then called out of scope of my IIS virtual application directory "qa", hence Authorization error occured ({"Message":"Authentication failed.","StackTrace":null,"ExceptionType":"System.InvalidOperationException"}).

Answer 5

In my case, I was adding the WebMethod to a control on the form. It needs to be added to the page itself.

Answer 6

My site was using ASP.NET forms authentication and I worked out by trial and error that I could only get it work if I called a web method with on an .asmx page and with contentType: "application/x-www-form-urlencoded" and dataType: "xml"

Answer 7

I found this question trying to solve the same problem, the way I solved is not seen here so I post to someone stuck in the same bottleneck:

Try in your method use the EnableSession = true in your WebMethod attribute

like

[WebMethod(EnableSession = true)]
public static string MyMethod()
{
    return "no me rindo hdp";
}

with this is solved my 401 error. Hope be helpful.

Answer 8

Inside ~/App_Start/RouteConfig.cs change

settings.AutoRedirectMode = RedirectMode.Permanent;

to

settings.AutoRedirectMode = RedirectMode.Off;

Answer 9

I know you got your answer accepted. It actually happens while creating a Web Form application and not changing the Authentication to No Authentication.

The default authentication we see as Authentication: Individual User Account

The error will not come if we change to Authentication: No Authentication

Answer 10

401 Unauthorised means that:

• User authentication hasn't been provided or
• It was provided but failed authentication tests

This corroborates with what you've said about adding authentication, it's clearly covering this method too.

Therefore do you want access to this method to be public or not?

Public:

• You need to remove authentication from this method.

To allow access to public resources (such as this webmethod) you simply place this in the config file in the same directory:

 <authorization>
        <allow users="*" /> 
 </authorization>

if you put above tag then it will give access right to all kind of users to all resources. so instead of that you can add below tag to give authorization to the web service

<location path="YourWebServiceName.asmx">
<system.web>
  <authorization>
    <allow users="*"/>
  </authorization>
</system.web>

Private:

• You need to ensure authentication is being sent across the line (using Fiddler to check for the cookie), and ensure it's is passing asp.net authentication.

Answer 11

I faced the same problem and firstly tried the solution which is available and it does work. However I realised if I create a new web-service and add the relevent code in the App_Code folder of the web-service file then I don't get any errors.

Answer 12

Problem solved

This was driving me crazy.

Inside ~/App_Start/RouteConfig.cs change:

settings.AutoRedirectMode = RedirectMode.Permanent;

To:

settings.AutoRedirectMode = RedirectMode.Off;

(Or just comment the line)

Also if friendly URLs are enabled you need to change

url: "ConsultaPedidos.aspx/GetClients",

To:

url: '<%= ResolveUrl("ConsultaPedidos.aspx/GetClients") %>',

Hope this help somebody else

Answer 13

Not an expert but have you tried by putting <allow users="*"/> in the config file? Your request should be using a GET method and not a POST (used to create).

EDIT: It seems that you are using a SOAP method, which can't be called from clientside, you should use a RESFUL service.