Reputation: 979
I am having a bit of difficulty figuring out why I am getting a 401 Unauthorized status from the service framework. At the moment I have it set up to allow everyone to do as they please, but that is because when I try to enable authorisation I get a 401 error code.
//[SupportedModules("Boards")]
//[DnnModuleAuthorize(AccessLevel = SecurityAccessLevel.View)]
[AllowAnonymous]
public class BoardsServiceController : DnnApiController
{ ... }
The strange thing is I have another module which is more than happy to work away with DnnModuleAuthorize:
[SupportedModules("Assignments")]
[DnnModuleAuthorize(AccessLevel = SecurityAccessLevel.View)]
public class AsgnsServiceController : DnnApiController
{ ... }
In both cases I have checked to make sure the user has permissions to view the page on which the module lives.
I have cross referenced both projects and everything seems to be spot on. Yet one is working away just fine and the other one returns 401.
Any suggestions?
For the Assignments module I am mostly using the jQuery style of ajax request just because I haven't got around to revising the module. So a typical GET request would look something like this:
$.ajax({
    type: "GET",
    url: sf.getServiceRoot( "Assignments" ) + "AsgnsService/GetAssignments",
    data: data,
    beforeSend: sf.setModuleHeaders
}).done( function ( items ) {
    //removed for brevity
}).fail( function ( xhr, result, status ) {
    //removed for brevity
});
As for the Boards module, the code structure is slightly different due to the knockout implementation. There is a dedicated ServiceCaller, but it all boils down to the same ajax call to the server, except that instead of having a full-blown ajax call defined as above it looks much neater.
var that = this;
that.serviceCaller = new dnn.boards.ServiceCaller($, this.moduleId, 'BoardsService');
var success = function (model) {
    if (typeof model !== "undefined" && model != null) {
        viewModel = new boardViewModel(model.colLists);
        ko.bindingHandlers.sortable.beforeMove = viewModel.verifyAssignments;
        ko.bindingHandlers.sortable.afterMove = viewModel.updateLastAction;
        // normally, we apply moduleScope as a second parameter
        ko.applyBindings(viewModel, settings.moduleScope);
    }
    //console.log('success', model);
};
var failure = function (response, status) {
    console.log('request failure: ' + status);
};
var params = {
    BoardId: this.boardId
};
that.serviceCaller.get('GetBoardLists', params, success, failure);
And the ServiceCaller ajax function itself looks like this:
function (httpMethod, method, params, success, failure, synchronous) {
    var options = {
        url: that.getRoot() + method,
        // adds the module headers the service framework expects on every call
        beforeSend: that.services.setModuleHeaders,
        type: httpMethod,
        async: synchronous == false,
        success: function (d) {
            if (typeof (success) != 'undefined') {
                success(d || {});
            }
        },
        error: function (xhr, textStatus, errorThrown) {
            if (typeof (failure) != 'undefined') {
                var message = undefined;
                // Content-Type can be absent on an error response, so guard against null
                var contentType = xhr.getResponseHeader('Content-Type') || '';
                if (contentType.indexOf('application/json') == 0) {
                    try {
                        message = $.parseJSON(xhr.responseText).Message;
                    } catch (e) {
                        // body was not valid JSON; fall back to errorThrown
                    }
                }
                failure(xhr, message || errorThrown);
            }
        }
    };
    if (httpMethod == 'GET') {
        options.data = params;
    } else {
        options.contentType = 'application/json; charset=utf-8';
        options.data = ko.toJSON(params);
        options.dataType = 'json';
    }
    $.ajax(options);
};
This would be the two GET requests from two different modules where one is happy and the other throws a status 401 when I enable the same annotations.
Does this provide any clues?
Now in saying all of the above, if one takes a look at the original Boards module code base one will notice the [DnnAuthorize] annotation attached to every function.
During module revision I removed all instances of the [DnnAuthorize] annotation and replaced it with two of my own on the service class itself.
When I add [DnnAuthorize] as an annotation on the service class itself things work as expected. So why doesn't the [SupportedModules("Boards")] and [DnnModuleAuthorize(AccessLevel = SecurityAccessLevel.View)] combination!?
Upvotes: 1
Views: 1422
Reputation: 988
I am not sure, but when working with the WebAPI you have to register the Service Framework anti-forgery stuff:
ServicesFramework.Instance.RequestAjaxAntiForgerySupport();
This is part of asking the API to work with a specific module.
Upvotes: 2
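To check the answer's suggestion from the browser side, the following added example (not part of either post, and not DNN's own code) records which headers a beforeSend callback such as sf.setModuleHeaders actually attaches. The header names ModuleId, TabId and RequestVerificationToken are an assumption about what the services framework sends, and makeHeaderRecorder, auditBeforeSend and the two sample callbacks are hypothetical names constructed for illustration.

```javascript
// Assumption: the services framework's setModuleHeaders is expected to add
// these headers; adjust the list if your DNN version differs.
const EXPECTED_HEADERS = ['ModuleId', 'TabId', 'RequestVerificationToken'];

// Minimal stand-in for the jqXHR object that jQuery passes to beforeSend.
function makeHeaderRecorder() {
  const seen = {};
  return {
    seen,
    setRequestHeader(name, value) { seen[name] = String(value); }
  };
}

// Runs a beforeSend callback against the recorder and reports which of the
// expected headers were never set, or were set to an empty/undefined value.
function auditBeforeSend(beforeSend) {
  const recorder = makeHeaderRecorder();
  if (typeof beforeSend !== 'function') {
    return { sent: {}, missing: EXPECTED_HEADERS.slice() };
  }
  beforeSend(recorder);
  const missing = EXPECTED_HEADERS.filter(
    (name) => !recorder.seen[name] || recorder.seen[name] === 'undefined'
  );
  return { sent: recorder.seen, missing };
}

// Constructed sample callbacks (not real DNN code): one for a page where an
// anti-forgery token is available, one for a page where it is not.
function withToken(xhr) {
  xhr.setRequestHeader('ModuleId', 412);
  xhr.setRequestHeader('TabId', 55);
  xhr.setRequestHeader('RequestVerificationToken', 'constructed-sample-token');
}

function withoutToken(xhr) {
  xhr.setRequestHeader('ModuleId', 412);
  xhr.setRequestHeader('TabId', 55);
  const token = ''; // no token was rendered into the page
  if (token) {
    xhr.setRequestHeader('RequestVerificationToken', token);
  }
}

console.log(auditBeforeSend(withToken).missing);    // nothing missing
console.log(auditBeforeSend(withoutToken).missing); // token header missing
```

In a browser console, pass the page's own callback, for example auditBeforeSend(sf.setModuleHeaders), and compare the result on the working module's page with the failing one.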