Repo Man Repo Man - 2 months ago 16
reST (reStructuredText) Question

WCF REST Service - 401 Unauthorized

We're in the process of developing a WCF REST web service which just receives a bunch of arbitrary text from any anonymous user and then performs some processing on the back end.

For example, here's one method from our web service:

[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class MyRESTService : IMyRESTService
[WebInvoke(Method = "PUT", UriTemplate = "/MyRESTMethod?paramA={paramA}&paramB={paramB}")]
public Stream MyRESTMethod(string paramA, string paramB, Stream rawData)
//do some stuff...

If we just use the default IIS settings we get a
(401) Unauthorized
. However, after much trial and error we figured out that we could get it to work by giving WRITE access to 'Everyone' on the actual
file for our service.

My question is: why in the world would IIS need to have WRITE access to an
file for this to work? Is there a better way or am I stuck with this hackish (and possibly insecure) workaround?

WTF Microsoft?

Possibly related - PUT and DELETE in RESTful WCF Service cause 401 Unauthorized error


After talking to a tech representative from M$ I was informed that this is indeed the expected behavior. The service must have write access enabled for someone to send a request to it, and when you do this it will actually set write access automatically on the .SVC file as well.