Authenticate WCF when called from jquery($.ajax) RRS feed

  • Question

  • We are calling the WCF from javascript in html file.

    How to apply authentication to WCF service(not REST Service) when called from jquery($.ajax).

    Also we do not want to install any CERTIFICATE on the server where WCF is deployed.

    Wednesday, April 24, 2013 5:40 AM


All replies

  • Ajax will in your case use token of the user who has opened the browser. When you open the web-page (which contains your ajax code) some authentication will be explicitly (you must provide credentials) or implicitly (existing Windows token will be used) done.

    Outgoing call to WCF will use that token automatically.

    The authentication type is defined by your host, probably IIS.

    Damir Dobric

    • Proposed as answer by Nico_He Friday, April 26, 2013 1:19 AM
    • Marked as answer by Haixia_Xie Friday, May 3, 2013 10:25 AM
    Wednesday, April 24, 2013 7:31 AM
  • Thanks for your reply.

    But we are calling the WCF from javascript in .html page and not web-page(.aspx page).

    How to apply authentication when WCF called from  javascript in .html page.

    Wednesday, April 24, 2013 8:58 AM
  • Hi, it is similar for html page and the aspx page.
    Friday, April 26, 2013 1:19 AM
  • Thanks for reply.

    If, for e.g., WCF is authenticated with UserName and Password, then from aspx page we can pass username and password.
    But for WCF called from jQuery(in HTML page and NOT ASPX page), still we need to get and pass UserName and Password ???.

    Or any other way to apply WCF authentication when called from jQuery in .html page?

    Friday, April 26, 2013 4:52 AM
  • Hi,

    You can authenticate the service with windows authentication, the service will send response to acquire user's windows credential, if the browser cached the windows credential, it will provide it to service without user's notification, if not, a dialog popup to ask user's windows username/password. Please take a look at the discussion in this thread.


    Another thread on how to provide basic credential in javascript.


    Hope these information can help you.

    Best Regards.

    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    • Marked as answer by Haixia_Xie Friday, May 3, 2013 10:25 AM
    Tuesday, April 30, 2013 8:47 AM
  • Thanks for your reply.


    The above link has the example of webservice.

    My query is that is it possible to authenticate WCF with UserName and
    Password when called from jquery and call any operation contract of the

    This can be done using WCF Rest service. But we do not want to use WCF Rest service.

    Also we donot want to install any certificate on server.

    Saturday, May 4, 2013 7:19 AM
  • Hi,

    if your webservice is properly configured for Transport security, UserNameToken credentials only, your client code (JS) does not have to do anything. Your client web applications is started from WebServer. before your applications can download any HTML (ASPX) file the user will have to authenticated.
    Whatever the authentication is used, once the browser has received the response it will keep that token (NTLM, Kerberos or UserNamePwd).

    For any next request query or not, HTML or SVC, browser will send the token obtained on the first response.
    When after all your WCF service is invoked, you must ensure that the service is configured to receive that token.

    For example, if the first request to default.aspx was used via NTLM authentication and WCF is configured to use BasicCleartext (TransportSecurity with UserNameCredentials) it will fail.

    BTW, you can implement your own authentication with BasicCleartext (appending username pwd credentials to authorization header) to do any additional tweek you might like. For example your asp.net application use Kerberos and WCD uses username token. However this is a more complex task I personally find it out of scope of this discussion.

    Hope this helps. :)

    Damir Dobric

    Saturday, May 4, 2013 12:53 PM