none
Ajax to WCF Rest call using CORS RRS feed

  • Question

  • I have a Ajax code in a different domain sales force. My WCF is in with in my company domain.

    For Anonymous authentication the code works fine but i want the code to use windows authentication to call my WCF Rest service.

    Please suggest what is wrong here.

    Ajax code:

     $.ajax({
                    type :"POST",
                    url :"cross domain url",
                    dataType :"json",
                    crossDomain:true,
                    data: {"FileData":"Blank data is sent" , "FileName": "somefilename", "MeetingId": "somemeetingid"},
                    beforeSend: function(xhr){
                       xhr.withCredentials = true;
                    },
                    contentType: "application/json",
                    success:successResponse,
                    error:errorResponse
                });
                
                function successResponse(result)
                {
                   alert(result);
                }
            
                  function errorResponse( jqXHR,  textStatus,  errorThrown )
                {
                   alert(errorThrown);
                }
                });

    my WCF has two methods, 1 for POST and 1 for OPTION with same implementation and returns OK http status code.

    web config:

        <bindings>
          <webHttpBinding>
            <binding name="webHttpBindingWithJsonP" >
              <security mode="Transport" >
                <transport clientCredentialType="Windows"/>
              </security>
            </binding>
          </webHttpBinding>
        </bindings>
        <behaviors>
          <endpointBehaviors>
            <behavior name="webHttpBehavior">         
            </behavior>
          </endpointBehaviors>
          <serviceBehaviors>
            <behavior>
              <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
              <serviceDebug includeExceptionDetailInFaults="true"/>
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
        <standardEndpoints>
          <webScriptEndpoint>
            <standardEndpoint name="" crossDomainScriptAccessEnabled="true" />
          </webScriptEndpoint>
        </standardEndpoints>

    and:

     <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"/>
        <httpProtocol>
          <customHeaders>
            <add name="Access-Control-Allow-Origin" value="*"/>
            <add name="Access-Control-Allow-Headers" value="Content-Type"/>
            <add name="Access-Control-Allow-Methods" value="POST, GET, OPTIONS"/>
            <add name="Access-Control-Max-Age" value="1728000"/>
            <add name="Access-Control-Allow-Credentials" value="true"/>
          </customHeaders>
        </httpProtocol>
      </system.webServer>

    Please guide what is wrong which always give UnAuthorized 401 error to ajax code


    Gyana Ranjan Panda


    • Edited by Gyana Thursday, January 21, 2016 2:37 PM
    Tuesday, January 19, 2016 2:15 PM

Answers

  • This is resolved by changes in the global.asax file

    protected void Application_BeginRequest(object sender, EventArgs e)
            {          

                if (Request.HttpMethod == "OPTIONS")
                {
                    HttpContext.Current.Response.StatusCode = 200;
                    var httpApplication = sender as HttpApplication;
                    httpApplication.CompleteRequest();
                }
            }


    Gyana Ranjan Panda

    • Marked as answer by Gyana Wednesday, February 10, 2016 9:04 AM
    Wednesday, February 10, 2016 9:04 AM

All replies

  • Hi Gyana,
    According to this case, as far as I know when we use the windows authentication in

    different domain, we need to make sure the domain has been trusted each other.

    Then CORS mean the cross script domain, not networking domain.

    And you said, you can use the anonymous authentication with your service, and it works fine.

    So, this means that  your server is fine.

    In my opinion, you need to make the different networking domain to trust each other.

    How to make the different networking domain to trust each other. Please refer to the following articles:

    1. Crossing Domain Boundaries: Windows Authentication

    =====================================================================

    This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.

    Best Regards,
    Wanjun Dong (Pactera Technologies)


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. Click HERE to participate the survey.

    Thursday, January 21, 2016 3:33 AM
    Moderator
  • I went through couple of sample code available for preflight OPTIONS but that is already implemented at my end.

    Anonymous is something not acceptable at my end because of security reasons.

    Gyana Ranjan Panda

    Friday, January 22, 2016 1:54 PM
  • Hi Gyana,

    But if we want to use the windows authentication in different domain, we need to make sure the domain has been trusted each other.

    Or you can try to change the authenticate type instead of using the Windows Authentication.

    Best Regards.



    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. Click HERE to participate the survey.


    Monday, February 8, 2016 3:50 PM
    Moderator
  • This is resolved by changes in the global.asax file

    protected void Application_BeginRequest(object sender, EventArgs e)
            {          

                if (Request.HttpMethod == "OPTIONS")
                {
                    HttpContext.Current.Response.StatusCode = 200;
                    var httpApplication = sender as HttpApplication;
                    httpApplication.CompleteRequest();
                }
            }


    Gyana Ranjan Panda

    • Marked as answer by Gyana Wednesday, February 10, 2016 9:04 AM
    Wednesday, February 10, 2016 9:04 AM