Hello all,
The app we are working on uses custom errors extensively to provide
friendly error pages to users whilst logging the actual exceptions
behind the scenes.
However.... We are now having to integrate some Web services into the
application using the existing architecture. These Web services are
secured using Forms Authentication. Hence, we need to turn the default
behavior of Forms Authentication (redirects to login pages, etc) into
exceptions that can be handled by a non GUI client (ie. Web service
consumer).
Heres the problem....
In the AuthenticateRequest event, we check if a secure Web service is
being called. If so, we check for an authentication ticket in the Soap
header. If its not there, we throw a "MissingAuthenticationTicket"
custom exception. This gets wrapped in a SoapException and we want
this to get passed to the client.
However.... the custom error page gets called instead, redirecting the
client to Error.aspx and logging the exception on the server. This is
secure, but very hard to handle at the client.
Anyway, what I would like to be able to do is just before throwing the
MissingAuthenticationTicket exception, turn off custom errors for this
request only. Hence the exception would get passed to the client as
expected.
Is there anyway to achieve this?
Thanks in advance for any help,
Regards,
Matt