Asp.Net web service: I would like to return error 403 forbidden

c# asp.net http-status-code-403 web-services

I have got a web service programmed in c# / asp.net.

[WebService(Namespace = "http://example.com/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[ScriptService]
[System.ComponentModel.ToolboxItem(false)]
public class Service: System.Web.Services.WebService
{

    [WebMethod]
    [ScriptMethod(ResponseFormat = ResponseFormat.Json)]
    public Result GetData()
    {
        User user = GetUser();

        if (user.LoggedIn)
        {
            return GetData();
        }
        else
        {
            // raise exception -> return error 403
        }
    }

How is it possible to return error 403 out of this web service? I can throw an exception - but this shows the exeption and not his error.

Any ideas?


If you were using MVC you'd do the following:

            return new HttpStatusCodeResult(HttpStatusCode.Forbidden);

You don't need to set both Context.Response.Status and Context.Response.StatusCode. Simply setting

Context.Response.StatusCode = (int)System.Net.HttpStatusCode.Forbidden

will automatically set Response.Status for you.


To answer the question completely - this is the code I've used (thank you strider for more information):

[WebService(Namespace = "http://example.com/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[ScriptService]
[System.ComponentModel.ToolboxItem(false)]
public class Service: System.Web.Services.WebService
{

    [WebMethod]
    [ScriptMethod(ResponseFormat = ResponseFormat.Json)]
    public Result GetData()
    {
        User user = GetUser();

        if (user.LoggedIn)
        {
            return GetData();
        }
        else
        {
            Context.Response.Status = "403 Forbidden"; 
            //the next line is untested - thanks to strider for this line
            Context.Response.StatusCode = 403;
            //the next line can result in a ThreadAbortException
            //Context.Response.End(); 
            Context.ApplicationInstance.CompleteRequest(); 
            return null;
        }
    }

You can protect all your methods by placing the code in your WebService constructor. This prevents your WebMethod from even being called:

public Service(): base()
{
    if (!GetUser().LoggedIn)
    {
        Context.Response.StatusCode = (int)System.Net.HttpStatusCode.Forbidden;
        Context.Response.End();
    }
}

In Asp.Net Web Api 2, you'd use:

return new StatusCodeResult(HttpStatusCode.Forbidden, this);

Related

How can I completely disable CoffeeScript in a Rails 3.1 app?
What is the maximum Elasticsearch document size?
Abstract UserControl inheritance in Visual Studio designer
Counting number of occurrences of a char in a string in C
importing a module in nested packages
how to get text from textview
Override styles in a shadow-root element
Java versioning and terminology, 1.6 vs 6.0 OpenJDK vs Sun
Changing packaging based on active profile in pom
How can I create an Action delegate from MethodInfo?
Firefox 6 Infinite Page Refresh With Page With Hash Tags
Uncaught (in promise): Error: StaticInjectorError(AppModule)[options]