Vulnerability in EPiServer.Forms
I want to host a wcf-service in my episerver-application and secure it with basic authentication the same way as with asmx-services. I’ve done the standard configuration for the webservices-catalog and added one wfc-service and one asmx-service to it. Now I cannot access neighter the catalog nor the asmx-service (when not logged in) but I can still access the wcf-service. Can I do some extra configuration or something to make this work for wcf-services?
Thanks for any reply.
Are you accessing you WCF service directly (folder/folder/myservice.svc) or via a route?
If directly, have you placed your svc file in the standard /webservices folder or another folder?
if its in another folder, you will need to duplicate the location tag from /webservices for the new folder to set the episerver.basicAuthentication, authorization and handlers.
Thanks for the answer!
Turns out there were something wrong with the registration of the basic authentication module. After I registered it programmatically everything seems to work.
no problem - I have had this working before and never had to register the authentication module progrmatically. Its strange that it worked for securing asmx but not svc files.
I have the same problem. .asmx service returns 401 Unauthorized but I can still access the .svc service in the same folder (WebServices). Is there a way to secure a WCF service in WebServices-folder?