.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

How to bypass authentication for methods

Posted By:      Posted Date: October 25, 2010    Points: 0   Category :WCF

I have implemented an userNameAuthentication and custom AuthorizationPolicy for my WCF service, and works fine. What I would like to do is exclude some methods from authentication/authorization process and make them accessible to anonymous users.

Here is sample code:


// Service uses webHttpBinding
public class Service1 : IService1
[PrincipalPermission(SecurityAction.Demand, Role = "ADMIN")]
public string DoSomething(string val)
return val;

// I want this to be accessible to anonymous users, bypass authentication/authorization process
public int AddValues(int a, int b)
return HelperFuncs.Add(a, b);

How can I achieve this?

Thanks in advance.

View Complete Post

More Related Resource Links

Web service authentiation when mixed authentication methods are used

I am trying to pull data from the list.asmx web service from a console application. I am using clams based authentication, and whenever only integrated Windows Authentiation is checked everything works fine. Whenever I also check Enable Forms Based Authentication I start getting an Acccess is denied error when I try to connect to the service. I can login successfully using FBA so I don't think the problem is caused by the FBA configuration. Does anyone have any ideas to what might be causing this?

Forms Authentication -> login.aspx bypass and auto-create user?


Can I do the following, if I have 'this' within my web.config:

        <authentication mode="Forms">
            <forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH" timeout="120"/>

        <authentication mode="Forms">

            <forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH" timeout="120"/>


The Decorator Pattern & Extension Methods

The decorator pattern provides a formal way to add new functionality to an existing type, without sub-classing. First question: What is wrong with classical inheritance? In and of itself, nothing is wrong with the good old Is-A relationship. It is very common to derive a new class from an existing base class in order to override a few virtual members, and add a pinch of new functionality.

Using jQuery to directly call ASP.NET AJAX page methods

Here I am looking to explain how to call page methods using jQuery. Using jQuery to directly call ASP.NET AJAX page methods

Explained: Forms Authentication in ASP.NET

This module explains how forms authentication works in ASP.NET version 2.0. It explains how IIS and ASP.NET authentication work together, and it explains the role and operation of the FormsAuthenticationModule class.

Using Forms Authentication in ASP.NET - Part 1

Classic ASP developers often had to "roll their own" authentication scheme, however, in ASP.NET much of the grunt work has been taken out. This article outlines how things have changed and how FormsAuthentication can be used to secure a Web site with a minimal amount of code.

ASP.NET Forms Authentication - Part 1

Often, in legacy Web applications, users authenticate themselves via a Web form. This Web form submits the user's credentials to business logic that determines their authorization level. Upon successful authentication, the application then submits a ticket in the form of a cookie, albeit a hard cookie or session variable. This ticket contains anything from just a valid session identification access token to customized personalization values.

ASP.NET forms authentication with roles

.A timeout is specified in minutes. This is "time since last request" not the "time since login". If a login is indicated to be persistent (described later) this is ignored.
.A protection method is specified for the cookie.
Next I wanted to specify a folder to which access is restricted to people who have logged in. To do this I entered the following code in the web.config file (beneath

Forms Authentication in ASP.NET

In this tutorial you will learn about Forms Authentication in ASP.NET 2.0 - Forms Authentication class, Cookie Domain, Forms Cookies, The Login Control, Signin, Signout, Authenticate, Redirect, Login Status, Login Name and Login View Controls.

The Decorator Pattern & Extension Methods

Numerous design patterns exist in the software world today, and ultimately nothing is preventing you from making your own (if people buy into it or not is another question). Furthermore, there is no 'master list' of patterns that all developers agree upon. While this is true, if you pick up any book on the subject, you will find a set of very common patterns most programmers agree are very useful. Many of these patterns were first formalized in the seminal book on the subject, Design Patterns: Elements of Reusable Object-Oriented Software (aka, the Gang of Four [GOF] book; not to be confused with the UK punk band of the same name).

Xml File Methods and Properties

Method and Properties of XmlTextWriter class:
The XmlWriter class is a base class that outputs an XML data structure. It has methods to sequentially write XML elements in a proper hierarchy to create an XML file or other types of output streams. The System.Xml namespace provides support for the XmlWriter. It must be imported to the ASP.NET page with the directive

<%@ Import Namespace="System.Xml" %>

The XmlTextWriter

XmlWriter is an abstract class that is implemented as an extended XMLTextWriter class. The XmlTextWriter writes a sequence of XML nodes one element at a time. Output can be written to an XML file, although other streams of output data can be produced. It can create a new file or overwrite an existing file. Its non-cached writing techniques provides very fast generation of an output stream.

Web Matrix + Windows Authentication


I'm curious if its possible to get windows auth working with asp.net webpages/webmatrix.

I've got it published to IIS with windows auth turned on and anonymous/forms/basic turned off.

I'm guessing the WebSecurity Helper probably won't work here but can you access User.Identity.Name etc?

Sorry for the newbie questions, I've only just started working with asp.net ^^,

Problems with Forms Authentication in DD 4 site


Hello,  I am seeing a strange problem with Forms Authentication in my DD site.   A user logs into and can view/edit/delete data all day, but when they execute a Custom Filter against data (for example , a control DynamicData/Filters/CustomerLastNameSearch.ascx ) then the site auth fails, and redirects to the log in screen.

in web.config I have

     <authentication mode="Forms">
            <forms name=".Star" loginUrl="~/Login.aspx" protection="All" defaultUrl="~/Default.aspx" path="/" timeout="43200" cookieless="UseCookies" />     

Offhand, I am thinking two things : that DynamicData/Filters path requires some special handling for some reason, or the control extension ascx is causing auth to get confused.   Has anyone else experienced this or have any suggestions?  Thanks!

Sharing authentication ticket between two applications


Hi all,

I have two web applications:

1. http://www.mysite.com - primary app running at the root of the web server

2. http://www.mysite.com/second_app - running in a virtual directory

At user authentication, I'm using FormsAuthenticationTicket to set up authentication cookies. Is it possible to share the same cookie for both the apps?

Any help would be much appreciated.

Many thanks!

Windows Authentication for IIS in Windows 7 Home Premium Edition - for ASP Websites.


How to create a virtual directory and get benefit of the IIS. Is there a workaround to accomplish this without the Windows Authentication for Windows 7 Home Premium Edition?

Thanks in advance, 

Page Methods and Yahoo UI


Hello people,
I'm constructing an application with Page Methods and YAHOO UI.
I'm Not using Update Panels because Page Methods are faster than Update Panel.

You can post your experiences with this feature of ASP.NET Extensions and vantages of using this type of architecture.

Thanks a lot.

Flávio Malaquias
Asp.Net Senior Developer

Use Membership but bypass / disable password usage for users


I have an application that does LDAP authentication. The authentication is done on the code behind page of my Login.aspx page. Once the user passes LDAP authentication, a cookie is set and I redirect:

FormsAuthentication.RedirectFromLoginPage(UserName.Text, False)

I would like to setup membership in my application and keep track of some user information. But due to company security requirements, I cannot store user passwords on my application. That must stay on the LDAP server only.

Is there a way to store users but disable password storage on the aspnet_membership table?

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend