
The Application

In short, the application surfaces data from a backend onto a web page. The client application is a Single Page Application made using AngularJS. It calls an ASP.NET Web API service located on a different domain to retrieve the data. I utilize BreezeJS on both the client application and the web service to manage this data. The client is hosted on a SharePoint Online site, and the service is hosted on IIS7.

The Error

I encounter an "Access is Denied" error when AngularJS attempts to make an XMLHttpRequest.open() call targeting this web service. However, though this seems like a simple CORS issue, it has some peculiarities which have me stumped:

  1. Foremost, this error only occurs when using Internet Explorer 11 (or a previous version). When the application is viewed in Chrome or Firefox, it can connect and retrieve data from the service.

  2. The web service is configured to accept the calling origin.

  3. No network traffic is detected either by the native IE development tools or by Fiddler.

Specifically, the line: xhr.open(method, url, true); of the angular.js file throws this error.

Does anyone have any insight as to why this error occurs?

Also, if more specific details are needed I certainly can provide them. I'm not even sure where the issue might be coming from and I don't want to dump tons of irrelevant lines of code.


2 Answers


I think that this is due to using "localhost", i.e. when attempting to access a resource in the "Local intranet" zone from an origin in the "Internet" zone.

See: Access denied in IE 10 and 11 when ajax target is localhost

Jay Traband

This is not just a localhost issue as previously suggested. I have a production AngularJS application that is trying to POST to a public Web API 2 on a different domain. IE11, Chrome, and Firefox work without a hitch when the site is accessed externally. When accessing from a subnet that can talk directly to those servers, I get Access Denied and IE doesn't even send the request (Chrome and Firefox work flawlessly, of course). One workaround (I refuse to call this a fix) is to add the site as a Trusted Site in IE11. Even when the security settings for Internet mirror the settings for Trusted Site, I get access denied. I have to add the site on each internal IE system to gain access.

Owen
  • We actually had our IT dept push a script to add the site to Trusted Sites on all internal machines. – Owen Feb 09 '16 at 23:19
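
An added diagnostic, not part of the question or either answer: it separates the symptom described above (an exception thrown by xhr.open() with no network traffic) from a failure that only surfaces after the request has been sent, which is where a server-side CORS rejection shows up. The function name probeCrossOrigin, the stage labels and the injectable constructor are assumptions made for this example.

```javascript
// Added example (ES5 so it also runs in IE11). XhrCtor is injectable only
// so the logic can be exercised outside a browser; in a page, omit it.
function probeCrossOrigin(url, done, XhrCtor) {
  var Ctor = XhrCtor || XMLHttpRequest;
  var xhr = new Ctor();
  var finished = false;

  function finish(stage, requestLeftBrowser, detail) {
    if (finished) { return; }
    finished = true;
    done({ stage: stage, requestLeftBrowser: requestLeftBrowser, detail: detail });
  }

  try {
    xhr.open('GET', url, true);
  } catch (e) {
    // Thrown before anything is sent: the case in the question. A proxy
    // such as Fiddler sees nothing, and the server's CORS configuration
    // was never consulted, so look at client-side policy (zones) instead.
    finish('blocked-at-open', false, String((e && e.message) || e));
    return;
  }

  xhr.onload = function () {
    finish('response', true, 'HTTP ' + xhr.status);
  };
  xhr.onerror = function () {
    // The request was attempted; status 0 here is what a rejected CORS
    // response or a network failure looks like to script.
    finish('failed-after-send', true, 'status ' + xhr.status);
  };

  try {
    xhr.send();
  } catch (e) {
    finish('blocked-at-send', false, String((e && e.message) || e));
  }
}
```

A result of 'blocked-at-open' on the affected machines and 'response' elsewhere points at browser policy on those machines rather than at the Web API's allowed-origin list.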