User on a domain different than that of the Bentley Web Server Gateway (WSG); receives Error 403 (Access Forbidden) when attempting to authenticate providing credentials when passing a valid and working URL for the WSG server (on the same domain).
Microsoft IIS server provides support for the W3 Cross-Origin Resource Sharing (CORS) standard; simply put allows cross domain requests and authentication. WSG requires a custom application key in the Microsoft IIS web.config AppSettings section called “AccessControlAllowOrigin”. The section can be added and configured to allow all remote domain requests by providing a value of “*”, or a specific list of allowed remote domains. The section can define granular allow/deny access based on the specific incoming request types of: POST, GET, OPTIONS, PUT, and DELETE. A sample “AccessControlAllowOrigin” section is provided below for convenience:
<!--Comma separated domains that are allowed to initiate cross-origin requests using CORS (e.g. value="http://www.example.com"). Empty value to deny any cross-origin access; "*" value to allow cross-origin access to all domains.--> <add key="Access-Control-Allow-Origin" value="*" />
<!--Comma separated domains that are allowed to initiate cross-origin requests using CORS (e.g. value="http://www.example.com"). Empty value to deny any cross-origin access; "*" value to allow cross-origin access to all domains.-->
<add key="Access-Control-Allow-Origin" value="*" />
Here is the section you need to edit for WSG:
<!--Comma separated domains used in WsgExplorer that are allowed to initiate cross-origin requests using CORS (e.g. value="http://www.example.com"). Empty value to deny any cross-origin access; "*" value to allow cross-origin access to all domains.--> <add key="WsgExplorer.AllowedCrossDomainRequests" value="*" />
Microsoft Internet Information Server (IIS) W3.org support of Cross-Origin Resource Sharing (CORS)
http://www.w3.org/wiki/CORS_Enabled#For_IIS7