published rest service, auth: active session, 401 unauthorized

0
Hi. My custom widget performs an XHR to its mendix app and expects a raw string in the response. I created a published REST service and it was working until I enabled auth: "active session", and assigned the needed role to both PRS and the operation microflow. The GET call fails with 401 unauthorized. The app log is unhelpful:   REST Publish    Incoming request from 127.0.0.1: GET http://localhost:8080/aaa/bbb/ccc REST Publish    Executing operation GET aaa/bbb/ccc REST Publish    Login failed: You are not authorized to access this resource   The XHR is performed by a 3rd-party JS library to which I pass the service URL. It doesn't know anything about Mendix. This is why I don't call a microflow directly.
asked
2 answers
0

Have you tried setting the CSRF header?

https://docs.mendix.com/refguide/published-rest-service/#32-authentication-methods

answered
0

Before you get the 401 arent you getting asked for a basic authentication alert in the browser?What i noticed in the past is, if the Active option of the service is checked then it asks you to fetch the login info and trigger the call (as if being a non mendix application) - which never works. (this is something to think about)

if you just enable Username instead of Active then it asks for the same username/password popup and this time with valid creds it will work - as expected ofcourse

 

if you enable both Username and Active - it simply takes the current login session info and make you do the call.

 

FYi i tred the same scenario of your using a JS Action(for demo) and i can see the same behavior.

answered