65

Been stuck with this for hours

{"Message":"Authentication failed.","StackTrace":null,"ExceptionType":"System.InvalidOperationException"}

I'm trying to call this WebMethod in my ASP.Net Webform 

[WebMethod]
public static string GetClients(string searchTerm, int pageIndex)
{
    string query = "[GetClients_Pager]";
    SqlCommand cmd = new SqlCommand(query);
    cmd.CommandType = CommandType.StoredProcedure;
    cmd.Parameters.AddWithValue("@SearchTerm", searchTerm);
    cmd.Parameters.AddWithValue("@PageIndex", pageIndex);
    cmd.Parameters.AddWithValue("@PageSize", PageSize);
    cmd.Parameters.Add("@RecordCount", SqlDbType.Int, 4).Direction = ParameterDirection.Output;
    return GetData(cmd, pageIndex).GetXml();
}

From this jquery.ajax 

function GetClients(pageIndex) {
    $.ajax({
        type: "POST",
        url: "ConsultaPedidos.aspx/GetClients",
        data: '{searchTerm: "' + SearchTerm() + '", pageIndex: ' + pageIndex + '}',
        contentType: "application/json; charset=utf-8",
        dataType: "json",
        success: OnSuccess,
        failure: function (response) {
            alert(response.d);
            },
            error: function (response) {
                alert(response.d);
            }
    });
}

But I always get this error:

POST http://localhost:64365/ConsultaPedidos.aspx/GetClients 401 (Unauthorized)

Weird thing is that this used to work until I start authenticating users

<system.web>
...
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="2880" defaultUrl="/Dashboard" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
...
</system.web>

Any ideas?

Improve this question

13 Answers 13

Reset to default
208

Problem solved

This was driving me crazy.

Inside ~/App_Start/RouteConfig.cs change:

settings.AutoRedirectMode = RedirectMode.Permanent;

To:

settings.AutoRedirectMode = RedirectMode.Off;

(Or just comment the line)

Also if friendly URLs are enabled you need to change

url: "ConsultaPedidos.aspx/GetClients",

To:

url: '<%= ResolveUrl("ConsultaPedidos.aspx/GetClients") %>',

Hope this help somebody else

Improve this answer
6
  • 7
    I wanted to thank you for this answer, this solved the issue for me. I've seen people asking about this problem on several sites, but you were the only one that offered a solution.
    – cost
    Commented May 16, 2014 at 6:06
  • 8
    I just have the same issue! but I use Asp.net web project, i have no ~/App_Start/RouteConfig.cs.... how can I solve it..
    – Kun-Yao Wang
    Commented Dec 29, 2016 at 9:17
  • How to fix this error in asp.net 3.5 web form project ? It doesn't have any routeconfig.cs file.
    – shrekDeep
    Commented Jul 25, 2018 at 9:03
  • I've found so many guides that recommend changing settings like web.config, etc, but this is the only solution that worked. It's quite surprising that this functionality doesn't work out of the box.
    – tresf
    Commented Oct 31, 2019 at 21:01
  • Using an out of the box C# ASP.NET Webforms project, friendly URLs were enabled. Note that changing AutoRedirectMode to AutoRedirectMode.Off was all I needed to do. Much thanks.
    – IdusOrtus
    Commented Feb 4, 2020 at 19:07
25

Inside ~/App_Start/RouteConfig.cs change

settings.AutoRedirectMode = RedirectMode.Permanent;

to

settings.AutoRedirectMode = RedirectMode.Off;
Improve this answer
2
  • this is the second time this got me.
    – Mike
    Commented May 17, 2017 at 16:24
  • 8
    Can you explain why we need to do this?
    – Adam
    Commented Jul 17, 2017 at 13:40
6

401 Unauthorised means that:

  • User authentication hasn't been provided or
  • It was provided but failed authentication tests

This corroborates with what you've said about adding authentication, it's clearly covering this method too.

Therefore do you want access to this method to be public or not?

Public:

  • You need to remove authentication from this method.

To allow access to public resources (such as this webmethod) you simply place this in the config file in the same directory:

 <authorization>
        <allow users="*" /> 
 </authorization>

if you put above tag then it will give access right to all kind of users to all resources. so instead of that you can add below tag to give authorization to the web service

<location path="YourWebServiceName.asmx">
<system.web>
  <authorization>
    <allow users="*"/>
  </authorization>
</system.web>

Private:

  • You need to ensure authentication is being sent across the line (using Fiddler to check for the cookie), and ensure it's is passing asp.net authentication.
Improve this answer
2
  • Thanks for the answer. I've already tried <allow users="*"> but I get the same response, also when checking the cookie on Fiddler it says this: This response did not set any cookies.
    – Daniel Cardenas
    Commented Apr 12, 2014 at 17:40
  • This looks like the culprit, without any cookies any authentication will fail - so figure out how to remove authentication from the method.
    – m.edmondson
    Commented Apr 12, 2014 at 17:43
5

You have to comment out only in ~/App_Start/RouteConfig.cs

  // settings.AutoRedirectMode = RedirectMode.Permanent;

             (Or do this)

    settings.AutoRedirectMode = RedirectMode.Off;

There is nothing to do with Authentication in Web.config file.

Improve this answer
1
  • In my case I had friendly URL settings in routing config which by default set with AutoRedirectMode to permanent, service method hitting after turning it off. Thank you.
    – Ravi Shankar
    Commented Dec 3, 2019 at 1:21
3

I found this question trying to solve the same problem, the way I solved is not seen here so I post to someone stuck in the same bottleneck:

Try in your method use the EnableSession = true in your WebMethod attribute

like 

[WebMethod(EnableSession = true)]
public static string MyMethod()
{
    return "no me rindo hdp";
}

with this is solved my 401 error. Hope be helpful.

Improve this answer
3

In my case, I was adding the WebMethod to a control on the form. It needs to be added to the page itself.

Improve this answer
3

For me, I had an invalid "data:" parameter in my JQuery Ajax call. But rather than either .NET or JQuery complaining about the the parameter values, I was (misleadingly in my opinion) getting the 401 Unauthorized error.

Improve this answer
2

Not an expert but have you tried by putting <allow users="*"/> in the config file? Your request should be using a GET method and not a POST (used to create).

EDIT: It seems that you are using a SOAP method, which can't be called from clientside, you should use a RESFUL service.

Improve this answer
3
  • Ys, I already tried that. Tried to put everything like it was before starting authenticating but I get the same response.
    – Daniel Cardenas
    Commented Apr 12, 2014 at 17:25
  • I think that your webmethod only can be invoked from server-side, but not sure.
    – bobthedeveloper
    Commented Apr 12, 2014 at 17:37
  • @Hatsjoem: not really. It can be invoked from client side. Its some authentication problem. +1 for effort anyway
    – codeandcloud
    Commented Apr 12, 2014 at 17:40
1

I faced the same problem and firstly tried the solution which is available and it does work. However I realised if I create a new web-service and add the relevent code in the App_Code folder of the web-service file then I don't get any errors.

Improve this answer
2
  • can you be a bit more specific? I too tried these things but the error just changed, it enters the Error event with: Status: error Error: Internal Server Error, no details. thanks
    – Bogdan T Stancu
    Commented Aug 7, 2015 at 14:33
  • Never mind, I got it working. It was expecting JSON so I had to to JSON.stringify(..datavalue), it works now.
    – Bogdan T Stancu
    Commented Aug 7, 2015 at 14:42
1

I know you got your answer accepted. It actually happens while creating a Web Form application and not changing the Authentication to No Authentication.

The default authentication we see as Authentication: Individual User Account

The error will not come if we change to Authentication: No Authentication

Improve this answer
1
  • would like to point out that this does happen with 2017 VS (i use community ed) and web forms app, even with 'No Authentication'. I had to modify the routeconfig .cs as detailed above.
    – zingh
    Commented May 17, 2018 at 3:16
1

My site was using ASP.NET forms authentication and I worked out by trial and error that I could only get it work if I called a web method with on an .asmx page and with contentType: "application/x-www-form-urlencoded" and dataType: "xml"

Improve this answer
1

In my case the problem was in URL that calls Ajax.asmx this URL was not correct according to a webserver setup, e.g. "/qa/Handlers/AjaxLib.asmx/" worked for me instead of "/Handlers/AjaxLib.asmx/" (works fine on PROD servers in my particular situation): 

  $.ajax({
  url: '/qa/Handlers/AjaxLib.asmx/' + action,
  type: "POST",
  async: false,
  data: data,
  contentType: "application/json; charset=utf-8",
  success: function () {

My AJAX was then called out of scope of my IIS virtual application directory "qa", hence Authorization error occured ({"Message":"Authentication failed.","StackTrace":null,"ExceptionType":"System.InvalidOperationException"}).

Improve this answer
1

To allow this Web Service to be called from script, using ASP.NET AJAX. Add the following attribute to the class

[System.Web.Script.Services.ScriptService]

I faced similar issue and the adding this attribute resolved it.

Improve this answer
0

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.