0

In my asp.net 4.0 eCommerce web application, a logged-in customer can click on anchors such as "Orders in the past 6 months" or "Orders in the past year" to view his past orders. When such anchors are clicked, I make a $.ajax call to my asmx web service method to retrieve a list of past orders and display them, like below:

$.ajax({
    type: "POST",
    url: "/webservices/OrderServices.asmx/GetOrderList",
    data: theParamter,
    contentType: "application/json; charset=utf-8",
    dataType: "json",
    success: function(data){
        displayOrders(data);
    },
    error: function(errMsg) {
        alert(errMsg);
    }
});

The web service method in c# is very simple, just a web method to get a list of orders for the specified past duration.

theParameter is obtained before the ajax call, which is just a parameter indicating if the customer wants to view the orders of the past 6 months or past year.

Everything works perfectly on my dev environment using IIS Express. But on production, when user clicks on either of the anchors, the browser pops up a small diablog box, asking the user to enter user name and password.

What's causing this? The web service (asmx) isn't aware that the request is sent from an authenticated customer? How to prevent the browser from displaying the authentication popup? Thank you!

codingrose
  • 15,563
  • 11
  • 39
  • 58
Stack0verflow
  • 1,148
  • 4
  • 18
  • 42

1 Answers1

2

It is possible that your server has Windows Security or Security was not properly configured for your site. Please visit the links bellow they are guided steps on how to disable windows security:

http://www.youtube.com/watch?v=CtpkXsWgcAM

http://technet.microsoft.com/en-us/library/cc731244(v=ws.10).aspx

Dalorzo
  • 19,834
  • 7
  • 55
  • 102
  • Thanks. I will take a look at those two links. One question is that I am not using https in dev environment, but on production, we use https. Will this make a difference? Thanks. – Stack0verflow Jan 12 '14 at 17:39
  • 1
    No https binding makes no difference. – Dalorzo Jan 12 '14 at 17:45
  • Thanks. I doubt they will enable anonymous authentication on production. If enabling anonymous authentication is not an acceptable solution, does it mean I have to give up the ajax call? – Stack0verflow Jan 12 '14 at 17:51
  • 1
    This about Windows authentication you still can secure your WFC using membership for instance. – Dalorzo Jan 12 '14 at 17:58
  • http://stackoverflow.com/questions/20682404/forms-authentication-for-wcf/20684096#20684096 – Dalorzo Jan 12 '14 at 17:59
  • http://stackoverflow.com/questions/7551/best-practices-for-securing-a-rest-api-web-service – Dalorzo Jan 12 '14 at 18:08
  • Thanks for the links. Will the service behavior configuration be applicable to asmx? We are not using WCF. – Stack0verflow Jan 12 '14 at 18:13