Office App Ajax with auth header, connecting to secured web api 2 backend with cors enabled

Question

I'm building a content panel app for Office.

Part of that requires authenticating an account against a server. I've implemented my own AuthorizationFilterAttribute on my web api 2 controllers, and called config.EnableCors(new EnableCorsAttribute("*", "*", "*")); on my web api registration.

I built a test script that fires a simple get at an endpoint and I can get it to work in chrome and ie.

var token = btoa(username + ':' + password);

$.ajax({
    url: 'http://www.someendpoint/',
    type: 'GET',
    beforeSend: function (request) {
        request.setRequestHeader("Authorization", "Basic " + token);
    },
    success: function (data) {
        return true;
    },
    error: function (data) {
        return false;
    }
});

Problem is that it doesn't work in the app.

The error: function is being hit and the data contains "Error: Access is denied.\r\n"

I've attempted to use $.support.cors = true; in addition to ensuring the domain name is given permission in the App Manifest.

Anyone have any ideas on what else to try?

score 3 · Accepted Answer · answered Jun 09 '14 at 23:32

3

So it turns out that in the project properties, office apps enforce SSL by default, which is great to be honest, but not ideal when testing against a non SSL domain.

The answer to this is to adjust the project settings as shown below.

Disable SSL for Ajax Cors request in OFfice Apps

answered Jun 09 '14 at 23:32

Lucas

643
1
9
21

Office App Ajax with auth header, connecting to secured web api 2 backend with cors enabled

1 Answers1