Can we access WCF service over https using Jquery $.ajax() call in cross domain?

Question

I have added SSL for both applications.

Assume https:// www.a.com and https:// www.b.com. https:// www.a.com is accessing the wcf service from https:// www.b.com through $.ajax() call. I am also using jsonp to this functionality. When these application are not https it works fine. But the $.ajax() call fails when I make it https. It giving "Internel server error" in firebug on this $.ajax() call.

Can we do such thing in secure mode?

What is the exception you are seeing on the server side? – Alex KeySmith Mar 26 '14 at 09:08 — Alex KeySmith, Mar 26 '14 at 09:08

score 5 · Accepted Answer · edited May 23 '17 at 10:09

Suggestion 1:

Using CORS(Cross Orignin resource sharing)

During the preflight request,

you should see the following two headers:

Access-Control-Request-Method

Access-Control-Request-Headers

These request headers are asking the server for permissions to make the actual request.

Your preflight response needs to acknowledge these headers in order for the actual request to work.

For example, suppose the browser makes a request with the following headers:

Origin: http://yourdomain.com

Access-Control-Request-Method: POST

Access-Control-Request-Headers: X-Custom-Header

Your server should then respond with the following headers:

Access-Control-Allow-Origin: http://yourdomain.com

Access-Control-Allow-Methods: GET, POST

Access-Control-Allow-Headers: X-Custom-Header

Reference

Suggestion 2:

Using JSON-P and Intermediate page:

create a intermediate page which makes http request to https page and return JSON-P result
If the intermediate page is in same domain then use it directly else make cross domain ajax request and use JSON-P

Reference

score 1 · Answer 2 · answered Mar 19 '14 at 09:55

1

We can access WCF service over https using jquery ajax call in cross domain, But we get security alert when such call is raised.

As per Same-origin policy we can access if it is same domain and same protocol.

For details please see Same-origin policy

answered Mar 19 '14 at 09:55

Kapil Kshirsagar

282
1
4
19

Try adding CORS to the host server, then you should get it working – aravind Mar 19 '14 at 18:59
CORS(Cross Origin Resource Sharing) is supported in most of the modern browsers so you could definetly give it a try.In simple words Your server has to retrun in respose header Access-Control-Allow-Origin:https:// www.a.com To know how more visit http://en.wikipedia.org/wiki/Cross-origin_resource_sharing – Durai Amuthan.H Mar 25 '14 at 11:14

score 1 · Answer 3 · answered Dec 28 '11 at 05:22

1

It sounds like you'd be a heck of a lot better off just reading/writing JSON data over your encrypted (https) connection. Let WCF handle whatever you want at the endpoints, but communicate with simple JSON messages. IMHO...

answered Dec 28 '11 at 05:22

paulsm4

114,292
17
138
190

score 0 · Answer 4 · answered Mar 25 '14 at 15:16

There should be nothing special about https vs http as far as jsonp requests are concerned. An internal server error usually indicates that the web server threw an exception. What is the status code (500)?

If it is a 500, I would see if you can identify any differences in the requests using chrome's debugger or firebug.

score 0 · Answer 5 · answered Mar 25 '14 at 18:54

0

I would just create a service on the host server that accepts the request from the client. The service would then make the cross-domain request and send the data back to the client. That way you don't have to change any configuration.

answered Mar 25 '14 at 18:54

bsayegh

990
6
17

Can we access WCF service over https using Jquery $.ajax() call in cross domain?

5 Answers5

Suggestion 1:

Suggestion 2: