Hi Guys,

I have been read through many responses and examples on the net regarding this issue. However supply a complete answer with regards to how to resolve this issue. I require my WCF Service to work for Registered users.

 

The response below found on a different website, certainly does not resolve any issues.

When accessing the WebAPI from the bowser (when not already logged in) you are prompted for you username and password (http authentication) but this fails with a "Password Retrieval is not enabled" error if you configured DNN to store passwords hashed and disabled password retrieval (password retrieval is impossible with hashed password)
Password retrieval is no issue here, you're just logging in. Also it is only the setting which causes the problem, not the actual way passwords are stored. Changing the setting, without any change to the stored passwords, will allow you to log in.
 
Steps to reproduce:

• in the web.config, set enablePasswordRetrieval="false" and passwordFormat="Hashed". (this only impacts new passwords, existing passwords are unchanged)
• Create a WebAPI service and don't allow anonymous access.
• Using a webbrowser with which you are not logged in, visit the api url
• You will now be prompted for your username and password, enter it. (use a valid user name, password doesn't matter)
  Actual result:
  Error message:Password Retrieval is not enabled   Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.  Exception Details: System.Configuration.Configurati sException: Password Retrieval is not enabledSource Error:  An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  Stack Trace: [Configurati sException: Password Retrieval is not enabled]   System.Web.Http.WebHost.HttpControllerHandler.EndProcessRequest(IAsyncResult result) +113   System.Web.Http.WebHost.HttpControllerHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +10   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +8970141   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +184
  Expected result:
  Access to the web service.
   
  NB: If you were already logged into the DNN site when accessing the WebAPI, you would have been authenticated based on your cookie and granted access.
    NB: This looks very much like the error I got when adding a new site while the password format was set to "hashed"DNN-25851 which might mean it's a bug on 7.04, 7.05 and 7.06 but can not be reproduced in 7.1?

Jonathan Sheely's example dnndashservice  does not work either .... 

Would it be possible for DNN Developers to provide a sample of the web.config configuration and a client call to make this work? 

There was some talk about webapi side authorisation being better supported in dnn 7.2.1 ... Not sure that it is currently supported in the way you require ... As far as I recall the current implementation expects an existing dnn context from a physical logged in user