0

I'm trying to call a REST service that uses Basic Authentication from a JavaScript thats rendered on a SharePoint page. For the Basic Authentication it should use the credentials the user logged into sharepoint with.

I tried to do this using withCredentials = true, but it doesn't work, the REST service doesn't receive any credentials from the call.

jQuery.support.cors = true;
jQuery.ajax({
    url: "https://myurl?and=parameters",
    crossDomain: true,
    processData: false,
    type: "GET",
    dataType: "json",
    data: {},
    beforeSend: function (xhr) {
        xhr.withCredentials = true;
    },
    success: function (data, textStatus, jqXHR) {
        alert("Success");
    },
    error: function (jqXHR, textStatus, errorThrown) {
        alert(textStatus + ": " + jqXHR.status + " / " + jqXHR.responseText + " / " + errorThrown);
    }
});

(jQuery is our handle for jQuery 1.7.2)

Is there another way to do this? What am I missing?

EDIT: I have a different behaviour in IE and Firefox and I used a sniffer to check what is happening:

IE - The browser doesn't even try to send a request or preflight ... JavaScript jumps into the error function saying "access denied" without even trying.

Firefox - The browser sends an authenticated request, the server receives it with the correct user and answers. The client receives an OK 200 result with data ... BUT: The JavaScript then jups into the error function anyway just saying "error" (status 0).

Hinek
  • 9,519
  • 12
  • 52
  • 74
  • i use JSON RPC for it. Check http://www.jsonrpc.org/ – Zeeshan Abbas Dec 18 '13 at 10:59
  • Uhm, I'm not sure how that helps me with my problem. Can you explain, what benefit using JSON RPC would have, compared to using JSON via a REST service? – Hinek Dec 18 '13 at 12:49
  • it is a standard way of using REST and your data communication is done in JSON. You can communicate with the server through this API seamlessly and also you can do batch calls if necessary – Zeeshan Abbas Dec 18 '13 at 15:29
  • Is this REST service on the same domain? For example if your page is under http://my.sharepoint.com/ then your REST service should be under http://my.sharepoint.com/ also. If it's not the case, then you cannot use AJAX to do it due to security reason. If it's on the same domain/server, then the authentification should be automatic (just like when you call the Sharepoint Web Services)... – AymKdn Dec 19 '13 at 07:49
  • @AymKdn, no, it is not on the same domain. Would it count, if a part of the domain is the same? Like sharepoint.mycompany.com & middleware.mycompany.com ... I think, this we could manage to do ... – Hinek Dec 19 '13 at 08:09
  • @QambarRaza, ok, I didn't get that before ... so I could download a JSON-RPC JavaScript implementation and use it in my script to call te REST service? Will this work with authentication? Will it work if (like AymKdn brought up) the domains of SharePoint and the service are not the same? – Hinek Dec 19 '13 at 08:11
  • @Hinek for domain issue you can just add CORS permission see: http://stackoverflow.com/questions/2580461/how-to-respond-to-http-options-request-on-a-json-rpc-server – Zeeshan Abbas Dec 19 '13 at 12:19
  • Nope, this is two different domains regarding the JavaScript policy. You can use some tricks but it will depend which kind of admin rights you have on the server backend.... – AymKdn Dec 19 '13 at 12:38

0 Answers0