none
Javascript call to WCF webservice in different website RRS feed

  • Question

  • Hi folks,
    I have a Windows 2008 R2 Server with two different IIS website.
    All the two web site use the Windows Integrathed Authentication with different application pool and hostname.
    On the site1.domain.com I have a web service WCF who use the windows authentication. I call from a html page the service using Javascript and all work fine.

    The problem: i need to call the web service from an html page on the site2.domain.com
    With javascript the call return a "Unauthorized error".
    I have see there is the possibility to add username and password encoded base64 to the header but I don't know the user password (it's a domain password).

    There is a method for make a Javascript call using the integrated windows authentication?
    I can configure the two sites for trusting each other so if I am authenticated in site1.domain.com the system recognize the user in site2.domain.com

    Thanks for any idea,
    LSo
    Lorenzo Soncini
    38123 Trento TN
    lorenzo.soncini@zzsoft.it


    LSo Lorenzo Soncini Trento TN - Italy

    Wednesday, July 24, 2013 4:45 PM

Answers

  • Sorry, I misread the post.  The issue then is you are trying to make the call in javascript which is executed in the client's browser.  If you own both websites, then is it possible to add a service on the authenticated website (the one that is hosting the html page)?  This way you will have the call originating on the server. 

    If you only need to know the user is trusted then this would work.  If you need to know information about the client then you could pass their identity in the header.  Impersonation would be more difficult.


    Jeff

    Wednesday, July 24, 2013 10:41 PM

All replies

  • Hello Lorenzo,

    As the sites are in two different domains, I suggest setting up trust between the two sites using ACS.  I have found that it is less cumbersome than setting up trust at a domain level (maybe an infrastructure guy would think differently).

    Azure Active Directory - http://msdn.microsoft.com/en-us/library/windowsazure/gg185939.aspx

    The above is more if you have two websites that you want a single sign-on type of solution.  If you want to just connect at a service level, you might consider standing up another service endpoint that is secured by a shared certificate.  You can then pass the user information in the header (if it is needed for the service, for example, filtering or authorisation).

    Cheers


    Jeff

    Wednesday, July 24, 2013 9:00 PM
  • The two website are on the same server and same domain

    LSo


    LSo Lorenzo Soncini Trento TN - Italy

    Wednesday, July 24, 2013 10:12 PM
  • Sorry, I misread the post.  The issue then is you are trying to make the call in javascript which is executed in the client's browser.  If you own both websites, then is it possible to add a service on the authenticated website (the one that is hosting the html page)?  This way you will have the call originating on the server. 

    If you only need to know the user is trusted then this would work.  If you need to know information about the client then you could pass their identity in the header.  Impersonation would be more difficult.


    Jeff

    Wednesday, July 24, 2013 10:41 PM