Why is wcf web service hosted in iis over ssl. lead to "403 Forbidden"? JQuery $ .post post OPTIONS verb?

Question

Why is wcf web service hosted in iis over ssl. lead to "403 Forbidden"? JQuery $ .post post OPTIONS verb?

I have a WCF web service hosted in IIS. It uses webHttpBinding. The methods have WebInvoke attributes so that they can access the REST style. I can successfully use them like this: http://mydomain.com/MyService.svc/some/rest/style/thing and POST are web service arguments.

Now I want to change this to HTTPS on the non-standard port 7777. I configured IIS correctly, got the certificate and all. I can access the html pages above https://mydomain.com:7777 . I added a modified webhttpbinding to add node security like:

<security mode="Transport">
    <transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
</security>

I also changed my servicemetadata node behavior and removed httpGetEnabled = 'true' and added httpsGetEnabled = 'true'

I can access https://mydomain.com:7777/MyService.svc and get the info screen.

I can access https://mydomain.com:7777/MyService.svc/some/rest/style/thing with http get and get the Not Allowed message.

BUT If I try to access https://mydomain.com:7777/MyService.svc/some/rest/style/thing using POST, I get the forbidden 403

update additional information

I judge the problem

I am using jQuery and accessing the webservice via $ .post (" http://mydomain.com/ .....". Data ", callback," json ") .. which worked now I do $ .post ( " https://mydomain.com:7777/ .....". "data", callback, "json") .. and that gives me 403 ... using firebug I see instead of sending a POST it first sends OPTIONS .. and this is what 403 gives

This could be a jquery issue

+2

jquery ssl http-status-code-403 iis wcf

puffpio 25 Sep 09 at 17:43

source to share

5 answers

Ajaxe · Answer 1 · 2009-10-25T17:11:49+0000

JQuery $ .ajax, $ .get, $ .post calls do not allow cross-domain calls. When you do this, it sends OPTIONS verb instead of POST verb, even though the request method is POST.

Other work around might create another subdomain that points to the IP of the url you want to call.

Shiraz bhaiji · Answer 2 · 2009-09-25T18:52:04+0000

You need to run httpcfg to force IIS to listen for SSL traffic on a non-standard port.

Michael Ibarra · Answer 3 · 2010-01-06T21:33:10+0000

Puffpio:

Please make sure you add "callback =?" parameter to your request URI. Then you should see the GET verb in the request header.

From the jQuery documentation page :

The callback takes the form "example.com?callback=?" JQuery automatically replaces '?' with a random method name that doesn't clash with global coverage. You don't have to specify the method name yourself.

Hope it helps,

Michael Ibarra

Intekhab · Answer 4 · 2010-11-17T15:30:10+0000

If you are using MOZILLA fire fox as a browser, then it precedes the request and sends the request with the OPTIONS verb, and when the server returns a 200 OK status, it requests the actual data with the POST verb.

CROSS domain problem.

Intekhab

Jim clark · Answer 5 · 2011-10-31T16:08:31+0000

I found that I was having the same problem as the Ajax call using the jQuery.load function was returning 403 errors. I needed to go to the Home Directory in the IIS Manager default website properties and select "Configure" and then change the properties of the .cgi extension to include the OPTION verb. Searching for your question and follow up comment helped me quickly resolve this issue.

Why is wcf web service hosted in iis over ssl. lead to "403 Forbidden"? JQuery $ .post post OPTIONS verb?

More articles: