0

I am exposing some Rest services through an MVC 4 (.net) project. They are deployed behing an adfs authentication server. Other applications, that are behind the same ADFS are calling my services through ajax calls.

The problem is that the calls are stuck on the adfs. Even though the user was authenticated when he logged into the application, the auth cookie is under the app domain, and obviously not in the services server domain.

The cookies are locked under httpOnly, so i can't duplicate them for my services server (justifiably so). Is there a way to "steal" the cookies, or maybe another work around?

dor.elmaliach
  • 515
  • 5
  • 14

1 Answers1

0

I think you are using Web API services. If so, please check whether your services are CORS support enabled or not.

Please go through http://brockallen.com/2012/06/28/cors-support-in-webapi-mvc-and-iis-with-thinktecture-identitymodel/

it may helps you.

Razack
  • 950
  • 3
  • 13
  • 26
  • Thanks for the reply, but it is not because of cors (which is enabled in the server). The requests are stuck in the ADFS because of what I described.They are not going through to our server. – dor.elmaliach Feb 03 '15 at 07:07