Cross-domain Ajax call to MVC WebApi web service does not include credential cookies

Time: 2014-05-16 13:35:53

Tags: jquery asp.net-mvc asp.net-web-api cors

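I have a SharePoint site hosted at sharepoint.mysite.com, which I have set up to authenticate using ThinkTecture Identity Server. I am able to log in to this site successfully.

I have set up an MVC WebApi web service at webservice.mysite.com, which is also configured to authenticate using ThinkTecture Identity Server.

On one of my SharePoint pages, I make a jQuery AJAX call to the WebApi web service. I have set crossDomain to true and withCredentials to true. The OPTIONS preflight request returns successfully, but the cookies are not passed with the actual request.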

$.ajax({
    type: "GET",
    contentType: "application/json; charset=utf-8",
    url: "http://webservice.mysite.com/api/[controller]/[method]",
    crossDomain: true,
    xhrFields: {
        withCredentials: true
    },
    data: {},
    dataType: "json",
    success: getDataSuccess,
    error: getDataError
});

The preflight request receives the following headers:

HTTP/1.1 200 OK
Via: 1.1 ISIS
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Content-Length: 0
Expires: -1
Date: Fri, 16 May 2014 13:17:28 GMT
Server: Microsoft-IIS/8.5
Cache-Control: no-cache
Pragma: no-cache
Access-Control-Allow-Origin: http://sharepoint.mysite.com
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: accept, content-type
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET

The request is then sent with the following headers:

GET http://webservice.mysite.com/api/[controller]/[method] HTTP/1.1
Host: sharepoint.mysite.com
Connection: keep-alive
Cache-Control: max-age=0
Accept: */*
Origin: http://sharepoint.mysite.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36
Content-Type: application/json; charset=utf-8
Referer: http://sharepoint.mysite.com/page
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8

The response is as follows:

HTTP/1.1 401 Unauthorized
Via: 1.1 ISIS
Connection: Keep-Alive
Proxy-Support: Session-Based-Authentication
Connection: Proxy-Support
Content-Length: 61
Expires: -1
Date: Fri, 16 May 2014 13:29:53 GMT
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/8.5
Cache-Control: no-cache
Pragma: no-cache
Access-Control-Allow-Origin: http://sharepoint.mysite.com
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET

{"Message":"Authorization has been denied for this request."}

How can I get it to send the credential cookies with the request?

0 answers:

No answers
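
Added example, not part of the original question: a small check of the two separate conditions a credentialed cross-origin request depends on, the CORS response headers and the scope of the cookie itself. The header values are the ones shown in the question; the cookie name, the cookie scopes and the API path are assumptions constructed for illustration.

```javascript
// RFC 6265 section 5.1.3 domain matching; a host-only cookie needs an exact host match.
function cookieMatchesHost(cookie, host) {
  const h = host.toLowerCase();
  const d = cookie.domain.toLowerCase().replace(/^\./, "");
  if (cookie.hostOnly) return h === d;
  return h === d || h.endsWith("." + d);
}

// Reasons a browser would refuse to expose a response to a withCredentials request.
function corsCredentialProblems(origin, headers) {
  const problems = [];
  const allowOrigin = headers["access-control-allow-origin"];
  const allowCreds = headers["access-control-allow-credentials"];
  if (allowOrigin === "*") {
    problems.push("wildcard origin is not accepted together with credentials");
  } else if (allowOrigin !== origin) {
    problems.push("Access-Control-Allow-Origin does not echo the request origin");
  }
  if (allowCreds !== "true") {
    problems.push("Access-Control-Allow-Credentials is not 'true'");
  }
  return problems;
}

// Names of the cookies in `jar` that a browser would attach to a request for `url`.
function cookiesSentTo(url, jar) {
  const { hostname, protocol } = new URL(url);
  return jar
    .filter((c) => cookieMatchesHost(c, hostname))
    .filter((c) => !c.secure || protocol === "https:")
    .map((c) => c.name);
}

const origin = "http://sharepoint.mysite.com";
const apiUrl = "http://webservice.mysite.com/api/values"; // hypothetical path
const responseHeaders = { // values from the responses quoted in the question
  "access-control-allow-origin": "http://sharepoint.mysite.com",
  "access-control-allow-credentials": "true",
};
// Constructed cookie jars: the name "auth" and both scopes are assumptions.
const hostOnlyJar = [{ name: "auth", domain: "sharepoint.mysite.com", hostOnly: true, secure: false }];
const sharedJar = [{ name: "auth", domain: "mysite.com", hostOnly: false, secure: false }];

console.log("CORS problems:", corsCredentialProblems(origin, responseHeaders));
console.log("host-only cookie sent:", cookiesSentTo(apiUrl, hostOnlyJar));
console.log("parent-domain cookie sent:", cookiesSentTo(apiUrl, sharedJar));
```

With the headers from the question the CORS check reports no problems, so whether a cookie is attached depends on the cookie's own scope: one set only for sharepoint.mysite.com is never sent to webservice.mysite.com, regardless of withCredentials.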