Access a webservice behind a membership provider

I have one website that hosts a webservice which uses membership provider authorization. I would like to be able t开发者_JS百科o authenticate through my webservice call from a second site without getting bounced back to my login page on the webservice site. How can I accomplish this?

As a side note, it would be best for me to allow a custom rule for specific hosts accessing the site. So if the request is coming from www.mysite.com, it would override the authorization.

You may use a <location/> tag in your web.config to open a specific directory or file up.

I don't believe there is an intrinsic method of access control by host.

A very simple way to do this would be by implementing a simple HttpModule that guards the endpoint or directory.

using System;
using System.Net;
using System.Web;

namespace HttpLibArticleSite
{
    public class GuardDogModule : IHttpModule
    {
        #region IHttpModule Members

        public void Init(HttpApplication context)
        {
            context.BeginRequest += BeginRequest;
        }

        public void Dispose()
        {
            //noop
        }

        #endregion

        private static void BeginRequest(object sender, EventArgs e)
        {
            HttpContext ctx = (HttpContext) sender;

            if (ctx.Request.Url is not guarded) return;

            if (ctx.Request.Headers["take your pick"] != what
            you want)
            {
                ctx.Response.StatusCode = (int) HttpStatusCode.Forbidden;
                ctx.Response.End();
            }
        }
    }
}

not complied, obviously, and not tested but will get you where you need to go. Just refer to the web.config system.web/httpModules section to see how to deploy.

Cheers.

You would have to place a web.config file inside the directory of your webservice and allow anonymous access to it. Or you could make it Windows Authentication only and use impersonation to authorize the call.