3

My service is secured with basic authentication set in IIS and i am try to get data from service with Jquery.

Cross domain calls is enabled.

I have next request headers

Host http:\\service.com
User-Agent Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language en-gb,en;q=0.5
Accept-Encoding gzip, deflate
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection keep-alive
Origin null
Access-Control-Request-Me... GET
Access-Control-Request-He... authorization
Pragma no-cache
Cache-Control no-cache

Responses

Content-Type text/html
Server Microsoft-IIS/7.5
WWW-Authenticate Basic realm="172.27.131.5"
X-Powered-By ASP.NET
Access-Control-Allow-Orig... *
Access-Control-Allow-Head... *
Date Fri, 12 Aug 2011 08:07:29 GMT
Content-Length 1293

Code

 $.ajax({
     headers : {
        "Authorization" : "Basic TVNF3TQtU1BGMjAx6C12bVxzbW4ydHBvaW50OlF3Z5J0eSEyM6Q1"
     },
     type: "GET",
     url: url,
     contentType: "application/json; charset=utf-8",
     dataType: "json",
     success: function(data) {
      alert('ok!');
      formatData(format_type,data);
     },
     error: function(jqXHR, textStatus, errorThrown) {
          alert(textStatus + ' / ' + errorThrown);
     }
  });

also i tried to set

 beforeSend : function(xhr) {
      xhr.setRequestHeader("Authorization", "Basic " + Base64.encode(username + ':' + password));
        },

But i have next error:

Request header field Authorization is not allowed by Access-Control-Allow-Headers

What i am doing wrong?

Improve this question
2
  • 1
    try the ajax call without the headers Commented Aug 12, 2011 at 8:40
  • 1
    So how service will authentificate? Commented Aug 12, 2011 at 8:42

3 Answers 3

Reset to default
9

Try adding the following code to the global.asax in your WCF project (only works when hosted in iis):

protected void Application_BeginRequest(object sender, EventArgs e)
{
    EnableCrossDomainAjaxCall();
}

private void EnableCrossDomainAjaxCall()
{
    HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");

    if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
    {
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST");
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Accept");
        HttpContext.Current.Response.End();
    }
}

Jquery issues an OPTIONS call to the WCF service to check if the call is allowed. You'll have to match the exact header. You can also download an example here: http://sameproblemmorecode.blogspot.com/2011/10/creating-secure-restfull-wcf-service.html.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

you need to enable the cross domain in your ajax call

$.ajax({
     headers : {
        "Authorization" : "Basic TVNF3TQtU1BGMjAx6C12bVxzbW4ydHBvaW50OlF3Z5J0eSEyM6Q1"
     },
     type: "GET",
     url: url,
     crossDomain:true, <--
     xhrFields: {
        withCredentials: true
     }, 
     contentType: "application/json; charset=utf-8",
     dataType: "json",
     success: function(data) {
      alert('ok!');
      formatData(format_type,data);
     },
     error: function(jqXHR, textStatus, errorThrown) {
          alert(textStatus + ' / ' + errorThrown);
     }
  });
Improve this answer

Comments

1 
$.ajax({
    url: 'https://www.tejastank.com/moderator/v1/series?key='+key,
    data: myData,
    type: 'GET',
    crossDomain: true,
    dataType: 'jsonp',
    success: function() { alert("Success"); },
    error: function() { alert('Failed!'); },
    beforeSend: setHeader
});

Solve the Access-Control-Allow-Origin error modifying the dataType parameter to dataType:'jsonp' and adding a crossDomain:true.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.