I have a DNN 7 website with web service endpoints:
public class DNNRoleManagementServiceController: DnnApiController {
It was an AllowAnonymous development function, now it is RequireHost, because endpoint security is good. These endpoints should only be used by our system, so [RequireHost] seems like the right level of authentication.
I have my C # library to call this endpoint:
WebClient webClient = new WebClient(); Uri uri = new Uri(uriString.ToString()); webClient.Credentials = new NetworkCredential("host", "password"); webClient.DownloadStringCompleted += GetStringCompleted; webClient.DownloadStringAsync(uri);
Even with the correct password, all I get is a 400 or 401 answer. Therefore, it is obvious that I do not believe my credentials. Just what is right? All the documentation I found in DNN WebAPI was "Apply the [AllowAnonymous] attribute so that someone and their dog can use your web service!" which is great if the service you supply is for public consumption. This is not one of these cases.
So what is the right way to provide host credentials for the call to work? I'm really not sure here.
source share