Resources ".svc" are not protected by IIS webagent

Document ID : KB000030443
Last Modified Date : 14/02/2018
Show Technical Document Details

Problem:

WebAgent on IIS does not intercept requests made on webservices resource ("*.svc"). It does intercept other kind of resources (same path).


For example this URI /toto is protected by SiteMinder with basic athentication scheme.
All URIs that starts by /toto are caught by SiteMinder and we are prompted for login and password Except this URI /toto/WSService.svc

We can not see the request in the Webagent traces
We can see the /toto/WSService.svc displayed correctly in the browser and in the IIS access log
We can see the following in the failed request tracing:

XXX. -NOTIFY_MODULE_START
ModuleName CASiteMinderWebagentModule
Notification 2
fIsPostNotification false
Notification AUTHENTICATE_REQUEST

XXX. -NOTIFY_MODULE_END
ModuleName CASiteMinderWebagentModule
Notification 2
fIsPostNotificationEvent false
NotificationStatus 0
Notification AUTHENTICATE_REQUEST
NotificationStatus NOTIFICATION_CONTINUE

Solution:

All modules were locked at the server level and the siteminder module was at the end at the application level.
Unlocked them and put the siteminder module at the top (first module).
If you need to protect a WebService for SOAP and REST request you may need to use SOA or WSS Agents.

Ā