Why doesn't Chrome and Firefox send FormAuthentication cookie in Ajax request

Question

I am using the following blob of jQuery to issue requests to a WCF Ajax enabled webservice

The site itself is hosted at localhost:80 and the WCF services at localhost:8080

$.ajax({
    type: "POST",
    url: String.format(Service, Method),
    contentType: "application/json; charset=utf-8",
    data: JSON.stringify(Data),
    timeout: 6000,
    dataType: "json",
    success: function (e) { OnSuccess(e); },
    error: function (e) { OnFailed(e); }
});

This works fine in IE but when I attempt to run this code in Chrome or Firefox (even after the user has been authenticated) I receive the error HTTP/1.1 401 Unauthorized. After running fiddler its clear why, as chrome is not sending the Cookie .ASPXFORMSAUTH that I have configured for forms authentication.

Specifically this is what the IE request looks like

POST /SchedulerService.svc/GetAllEventsByCurrentUser HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/json; charset=utf-8
Referer: http://localhost/Calendar/Calendar.aspx
Accept-Language: en-AU
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Connection: Keep-Alive
Content-Length: 0
DNT: 1
Host: localhost:8080
Pragma: no-cache
Cookie: ASP.NET_SessionId=dmz5jv3oxa0llsph0thh1443; .ASPXFORMSAUTH=5EA7CB8124C5077933A639062999A89D35D440C6AD1A038C83A42D34694C20886506721D3CCD899BDA7B705CEF3B3024368AD6AE4523DEBDC5891E8DDD478206A3C2EF852345F70812F01D30F8F1041C2113EA2836CC5353FEAF81FC3EBF4DB6921D6DB270DE5C4102321DDD4D3923082B890995195990088749A1815B6A0BE5

VS CHROME

POST /SchedulerService.svc/GetAllEventsByCurrentUser HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Content-Length: 0
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://localhost
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.94 Safari/537.36
Content-Type: application/json; charset=utf-8
Referer: http://localhost/Calendar/Calendar.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-AU,en;q=0.8,en-US;q=0.6,en-GB;q=0.4

Could anyone provide any guidance on what might be going wrong? I realize I may need to provide more information but not sure what else is relevant.

EDIT: Well after trying many, many different ideas it seems to me that all my problems likely stem from a drastic difference in implementation of the same origin policy between IE, Chrome and Firefox. Will update when I have more...

score 0 · Answer 1 · edited May 23 '17 at 11:49

0

As your asp.net and wcf applications seem to be hosted on different ports (80 and 8080), you may give a try to beforeSend to send credentials :

$.ajax({
    type: "POST",
    url: String.format(Service, Method),
    contentType: "application/json; charset=utf-8",
    data: JSON.stringify(Data),
    timeout: 6000,
    dataType: "json",
    success: function (e) { OnSuccess(e); },
    error: function (e) { OnFailed(e); },
    beforeSend: function(xhr){
       xhr.withCredentials = true;
    }
});

see https://stackoverflow.com/a/2054370/1236044

edited May 23 '17 at 11:49

Community

1
1

answered Jun 04 '13 at 07:49

jbl

15,179
3
34
101

While I think you are on the right track, this solution doesn't appear to work. Nor does adding withCredentials = true in the xhrFields of the jQuery request. – Maxim Gershkovich Jun 04 '13 at 22:33
@MaximGershkovich if not tried already, you may give a look at http://api.jquery.com/jQuery.ajaxPrefilter/ the cross domain example helped me on a http/https matter, and the prefilter might also be better point to add the withCredentials option – jbl Jun 05 '13 at 08:04

Why doesn't Chrome and Firefox send FormAuthentication cookie in Ajax request

1 Answers1