I have created a page.dsp and .access file in the same directory under pub folder of package. Set the ACL to Anonymous also.
.access file — page.dsp Anonymous
Reloaded the page.
While launching the DSP, content of DSP is visible but prompt of username and password is also appearing .
Wrapper service that calls wwm.server.packageList = Anonymous
I also created a new solution, Added few extended setting properties but still prompt is coming. Written javascript code too to remove the prompts but of no use.
webMethods version – 10.3
Don’t want to use setdefaultaccess service in wmroot package…
Can anyone please help in removing the authorization prompt??
Your .access file entry seems to be fine. And you have indicated that the Wrapper Service (which is part of your DSP) has Anonymous Permission, I hope the “Execute ACL” for the Wrapper Service is also set to Anonymous. I doubt that the Authorization Prompt you see is actually for Server Level Logging Validation and cannot be done away with. But it is just a guess from my end. Perhaps there might be a way which the Experts of this community can highlight.
Also you may have a look at this Topic resolved by @John_Carter4 couple of years ago
@John_Carter4 , @Kailash_Mishra The service acl is set to Anonymous and stateless property is also set to false and yes it is not clustered environment .
Yes it is server level logging validation
anyway to fix this to avoid this server level logging validation
Try creating a separate port and Set Access Mode to Allow by Default
Configure Package Name (which has dsp) linked with port.
And DSP service execute ACL as Anonymous
A DSP that just opens without asking for credentials is absolutely possible without any dirty workarounds like settings up a different port.
The .access files are only read on package reload. So after every change you must reload the package.
If the DSP includes any CSS or JavaScript files, those files also need to have the anonymous access added to .access.
If files exist in a sub-directory of ./pub (often the case for .css or .js), this sub-directory must have its own .access file.
In general the approach to have a wrapper service with Anonymous ACL is the correct approach
What you are experiencing is “normal” ;-). It happens to me all the time. Because I was sure to have nothing in the invocation chain that would require authentication. Guess what: I always had overlooked something (esp. files as mentioned above). So you can relax, because you are not alone in that, admittedly, frustrating experience.
I recommend the following approach, especially when you haven’t done this a couple of times before:
Remove all(!) service invocations from the DSP file. This will ensure that you test the file itself. Because if I understand things correctly, it is currently only an assumption that the service is responsible.
Add a service that is know to have Anonymous as ACL. I recommend wm.server:ping. Yes, that does add anything to the screen output. But will confirm (or not) that in principle things work.
I did try to create a Blank DSP file in the Pub directory of a Package and then created a .access file and gave permission as Anonymous for this DSP followed by a Reload of the Package and could see that No Credentials prompt was asked when I tried to access the DSP via Browser ( Google Chrome).
Hi @Pratiksha2 ,
So this indicates that my earlier assumption of the Login Prompt being Server Level Login Validation was mistaken. So there must be something extra in your DSP Code that requires Authentication. Please have a look on the suggestions from @jahntech.cj
Hi @Pratiksha2
I have created one simple flow service (execute ACL as anonymous) in my local and 1 dsp page with .access (set as anonymous) file and after that reloaded pacakge. Now when i am accessing this DSP from Chrome and Safari, it is not asking for any credential.
So looks like there are other service invocation in your DSP which are having some default execute ACLs ( as suggested by @jahntech.cj ). Please check attached sample package for your reference.