I have an existing ASP.NET application that implements authentication on all sites. The application is deployed in several instances (for example, customer1, customer2, test, dev, etc.) with a separate database for each instance. SSL is in the game. The instance is configured through the XML configuration file.
I have a new requirement to allow upload / download of certain data, which I would like to implement as a public web service.
My initial thought was to selectively disable form authentication for the application subdirectory (e.g. ~ / Services), and then authenticate through a SOAP header or the like.
However, I do not find a way to selectively disable auth forms.
Question: Is there a way to do this? I tried the <location> tag in the web configuration to no avail.
If not, what are your setup recommendations? I can think of the following options:
1) Create a new βServicesβ project in my solution, and then configure a separate ASP.NET IIS application in this directory in each instance. (Pro: easy access to the instance configuration, which may be needed in the future. Con: configuration for each corresponding instance).
2) Create a separate "Services" solution that references the necessary assemblies from the application solution and places it as a separate ASP.NET application. Then find the db connection string based on the UserName provided in the SOAP header. (Pro: one configuration application in IIS. Con: no easy access to instance configuration.)
3)
: : ASP.NET , ( - - ). web.config :
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx"/>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
<location path="~/Services/MyService.asmx">
<system.web>
<authentication mode="None" />
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>