Asp.net Ajax Delete Record not working on Production Server

Question

I'm using this Ajax code for deleting record. The code works fine in localhost whereas it continuously asks for credentials on hosted server.

and on windows

With all of the participants'suggestions, I mostly suspect now on two things.

1) The web hosting is a cheap shot and isn't updating for the Application rights despite several efforts (Needs to contact server level support)

2) Probably the message box is requiring some token for authentication like this

$(document).ready(function () {
   $('.js-delete').on('click', function () {
        var button = $(this);
        var buttonId = button.attr("data-id");
        //var container = $(this).parent().siblings('#tablex').find('#hiddenTable').clone();

        var box = bootbox.dialog({
        show: false,
        message: "Are you sure you want to delete the Record?",
        title: "Delete Record?",

    buttons: {

        cancel: {
            label: "Cancel",
            className: "btn-default"
        },
      ok: {
        label: "Delete",
        className: "confirm btn btn-danger",
        callback: function (result) {
            if (result) {
                $.ajax({
                    url: "/api/datax/delete/" + button.attr("data-id"),
                    method: "Delete",
                    success: function () {
                        button.parents("tr").remove();
                    }
                });
            }
            console.log('Button Pressed.');
        }
      }
     }
    });
   });
});

And in my Controller, I'm handling this delete call like this.

 [Route("api/datax/delete/{id}")]
    public void Delete(int id)
    {
        var dataInDb = _context.Datax.SingleOrDefault(c => c.Id == id);

        if (dataInDb == null)
        {
            throw new HttpResponseException(HttpStatusCode.NotFound);
        }

        _context.Datax.Remove(dataInDb);
        _context.SaveChanges();

    }

Maybe you dont have permission to delete the record in the production DB? Try logging into the DB and make the change manually, see what happens — Master Yoda, Nov 21 '17 at 10:50
your statement "is not working" is very ambiguous. what is not working? 1. is the `delete` method in ur controller called ? 2. did you debug `delete` method and able to get the `id`? 3. is the record `id` correct? 4. is delete dialog shown? ... the list goes on — Sudarpo Chong, Nov 22 '17 at 03:30
@SudarpoChong It works perfectly fine on localhost means that all the controllers are properly called and IDs are passed accordingly. I can't debug the app on hosted server. When I try to delete a record, it asks for username and password and doesn't accept whether I insert internal account info / db info / hosted server credentials etc. The dialog says "Authentication Required" site requires username.password and "Your connection to the site is not private". — Naveed Abbas, Nov 22 '17 at 05:40
have you take a look at ur IIS configuration? (if you have access to it). Perhaps check on `Authentication` or `Request filtering` — Sudarpo Chong, Nov 22 '17 at 06:52
I have very limited access to the server. Please note that the delete function is in the api/controller. I also suspect that it should be in the ViewController. I tried that few days ago but didn't work. I don't exactly remember but I think it used to work on the hosted IIS a month ago or so. — Naveed Abbas, Nov 22 '17 at 07:38
@MasterYoda I can make whatever modifications I want in the DB manually. — Naveed Abbas, Nov 22 '17 at 11:07
@ToughGuy Can you add to the database? update etc? If you are running your app on production using HTTPS certification then its more than likely AJAX is restricted from running. Take a look at this answer for more information: https://stackoverflow.com/questions/15375908/ajax-get-request-over-https — Master Yoda, Nov 22 '17 at 11:15
@MasterYoda I can Add and Update the database and AFAIK I am not using any Https certification either, the app works under simple http protocol. — Naveed Abbas, Nov 22 '17 at 11:37
Check this answer from Andy Refuerzo, particularly the part about user mapping: https://stackoverflow.com/questions/14604309/cant-access-remote-database-after-deployment — Master Yoda, Nov 22 '17 at 11:58
@nAviD How would I know? I just uploaded the complete package to the hosting space. — Naveed Abbas, Dec 07 '17 at 08:31
@ToughGuy your ajax url should be at same sub domian of your website. — nAviD, Dec 08 '17 at 07:38
@ArjunPrakash Already tried that even with additional verbs `GET,HEAD,POST,DEBUG,PUT,DELETE` — Naveed Abbas, Dec 13 '17 at 07:25
@MasterYoda Sorry for the confusion. I meant I can make changes to the DB using the web hosting panel. The hosting service doesn't provide access through desktop apps such as Navicat or SQLPro for MSSQL etc. — Naveed Abbas, Dec 13 '17 at 07:28
Is it possible to log inside your API, to check whether the ajax call hit in API? — Arjun Prakash, Dec 13 '17 at 07:51
@EvanHuang The always use SQL Authentication so it's 99% sure but can't confirm as I'm not on dev machine. — Naveed Abbas, Dec 13 '17 at 10:23
Have you used [Postman](https://www.getpostman.com/) It is a great tool to test your apis. Replicate your request in postman, this will eliminate your first suspicion 1) Ajax postback is preventing the record to delete. — Aman B, Dec 13 '17 at 13:45
With so many pros unable to find any bug in the code, I assume that it is Application's security and rights privilege issue that only my hosting provider can solve. Thanks everyone for participation. — Naveed Abbas, Dec 14 '17 at 10:22

score 5 · Answer 1 · answered Dec 13 '17 at 05:54

5

If insert and Updates are working fine on production server then there can't be the issue of Connection string in Web.config.

Try manually deleting records from DB logging as user whose credentials you are using in Web.Config while working with production server, and check weather it is allowing or not. If it don't allow then you need to give the rights of deleting along with read/write in SQL server.

answered Dec 13 '17 at 05:54

Divya

1,203
2
13
31

Thanks but as I mentioned earlier, I can log into the database only by hosting web access and can't directly log into the DB. `You cannot make a connection to Microsoft SQL Server from an Enterprise Manager due to security reasons. The only means of access to your Microsoft SQL database is through ASP or ASP.net scripts that run on MyHosting Server.` – Naveed Abbas Dec 13 '17 at 06:56
Although masterYoda and @SudarpoChong mentioned it quite earlier, your response seems to be the only possible solution that can be accepted. I'm trying to contact the hosting team. – Naveed Abbas Dec 14 '17 at 10:30

score 1 · Answer 2 · answered Dec 13 '17 at 15:58

1

1) Please check if the HTTP-Delete-Method is allowed on the Webserver

2) Does the domain-part of the frontend differ from the webservice? If it does, check your browser console output for errors regarding CORS, which means that the browser thinks you are doing some cross-site scripting

3) In Internet Explorer we had a problem with Kerboros-Authentication. The browser did not hand the authentication tokens around. Not sure if that screenshot is IE, but if it is, check if switching the following settings change the behaviour:

Extras => Internet options => Advanced => Security : "Activate integrated windows authentication" and "enable advanced protection mode" (or something sounding similar, i´ve translated the names from german)

answered Dec 13 '17 at 15:58

Brandtware

451
4
17

1

**1)** I inserted the necessary verbs in the Web.config file and it is working in the dev environment. **2)** If I send the Delete Request through postman, it shows 401 Unauthorised error but if I send it through browser and inspect in the network tab, it shows me a 404 Not Found. **3)** I'm testing on Chrome, Firefox using mac and windows. – Naveed Abbas Dec 13 '17 at 16:37
1) if dev-environment is iis-express while prod is not (you have not specified that, just a posibility), it does not necessarily behave the same. 2) If it shows 404, maybe the request starts "at the wrong subfolder". Have you tried using the path you see in the network-tab directly via fiddler for example? Or could you throw another statuscode in your code, to check if that is your handling for dataInDb is null or default IIS handling? 3) dang, did not have problems with those :( – Brandtware Dec 14 '17 at 10:32

score 1 · Answer 3 · answered Dec 14 '17 at 02:48

1

Did you try adding the Basic Authentication in ajax beforeSend for the pop-up authentication ?

beforeSend: function (xhr) { xhr.setRequestHeader ("Authorization", "Basic " + btoa(username + ":" + password)); }

answered Dec 14 '17 at 02:48

HuntsMan

762
5
16

You suggest that I should set additional parameters in the ajax request? or simply in the document.ready function?. But do I have to insert the username and password in the view or would it simply work? – Naveed Abbas Dec 14 '17 at 07:35
@ToughGuy hat's the username and the password of the basic authentication in web server configuration. and if your using a post man please add basic authentication on the request.. – HuntsMan Dec 14 '17 at 08:54
1

Don't you think it wouldn't be a potential security vulnerability to add username and password in my view? – Naveed Abbas Dec 14 '17 at 09:34
that's just for a test whats the response when putting the credentials ? – HuntsMan Dec 14 '17 at 10:13
401 Unauthorized – Naveed Abbas Dec 14 '17 at 10:16
then it means that your credentials used in basic authentication is not match to the servers basic authentication credentials. – HuntsMan Dec 14 '17 at 10:18
Credentials are double checked. In fact copy pasted directly from the server. I guess it's more likely an application rights issue that can only be handled by the hosting provider. – Naveed Abbas Dec 14 '17 at 10:20
please check your BasicAuthHttpModule for the basic authentication. credentials. and check aslo if you allow all the HttpRequest verbs – HuntsMan Dec 14 '17 at 10:21
Can you please elaborate. You mean I should add few string for BasicAuthHttpModule in the web.config. Can I get any example? – Naveed Abbas Dec 14 '17 at 10:29

Asp.net Ajax Delete Record not working on Production Server

3 Answers3