T. Frick T. Frick - 1 year ago 143
Javascript Question

How can I fire an AJAX post with the Authorization header the first request (Windows Authentication)?

I have a web application that consists of a video page and a Web API that will perform some logging (page load, video complete, or page close). I fire these events using an ajax post:

function logAction(actionToLog) {
type: 'POST',
url: "/api/v/" + currentVideoName + "/" + currentUser + "/" + vid.currentTime + "/" + actionToLog + "/" + currentBrowserType + "/",
cache: false,
contentType: 'application/json; charset=utf-8'

Using Fiddler, I noticed that all of these calls are being executed twice:

Header for the first (Unauthorized 401) request. No authorization token:

POST http://HOSTNAME/api/v/ValuePropVideo1/tfrick/0/started/Chrome/ HTTP/1.1
Connection: keep-alive
Content-Length: 0
Cache-Control: max-age=0
Accept: */*
Origin: http://HOSTNAME
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36
Content-Type: application/json; charset=utf-8
Referer: http://HOSTNAME/v/ValuePropVideo1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8

Header for the second (valid) request. Authorization token present:

Authorization: Negotiate YIII+QYGKwYBBQUCo...

This works fine for page loaded and video completed because the browser is still open, but when I fire my ajax call for the user closing the browser, only the first request is sent and a 401 error is received.

My question is: How can I fire these ajax calls using the windows credentials?

Answer Source

After struggling with this issue for a long time, I decided to go into the IIS setup and remove the "Negotiate" provider under the advanced settings for "Windows Authentication" under "Authorization"; leaving only NTML. This seems to fix my issue.

site->Authentication->Windows Authentication->Providers