Please help me on this urgently…!!!
ENVIRONMENT: IS/DEV 7.1.1
GOAL: I want to achieve basic authentication for my flow service which has an HTML content in its output template.
Problem: Some times i see an expected “Not authorized Page” and some times I don’t when i invoke my flow service from browser.
USE CASE: I have configured my IS with a testACL which is assigned to test testGrp which has a test_user assigned to it successfully.
The ACL has testGRP in its allowed list only and the access mode is configured to “Deny by Default” which is set on port number 8000 for HTTPS connection.
This port was configured using a self signed certificate and the application used was openSSL.
Now when i invoke the service from IE6, first i get some messages about the server certificates to be send to and verify the server self signed certificate, after clicking on “Yes” that is i accept the certificate, i see a dialog box asking me for user name and password. Up till here its all working as expected.
Now when i see the Username/password dialog box and i click on cancel button directly without providing any credentials, i see the output of my flow service (The HTML content of it defined in output template).
The testACL has been assigned to this flow service with all the possible combinations of read, write, always check acl etc. still i see the HTML PAGE.
Cause Of Problem: By doing some more R&D on this, i could figure out the problem causing this.
In my html code defined in output template of the flow service, if i remove the table tags or some more html content from the tag of the output template, i can see a “Not authorized to view” page but whn i put my formatted tables and stuff in the body tag…i can see the output of my flow service.
i.e. the body tag of my output template should be empty, as am not sure which all html tags affect this behavior.
This behavior is strange and i was not able to find much related to it on net, so guys please help me out here. Any tips would be help full.
On the server Security logs, i always see a “Access Denied. No permissions to invoke service Services:test on Port HTTPSListener@8000.” no matter what if i see a “Not authorized page” or not.
Thanks,
Shobhit