jquery ajax call fails with 401 unauthorized

2019-09-08 11:16发布

问题:

I have a jquery ajax POST to a code-behind webmethod. In that webmethod i do a HttpWebRequest to a third party web api service that returns json. Even though the httpwebrequest works fine, a popup appears in the browser asking me to enter credentials (authentication required). On my machine this works well, however when deployed it doesn't except if there is no data returned from the httpwebrequest call.

The jquery call:

function serverCall(httpMethod, pageName, methodName, inputData, successCallback, errorCallback, disableGlobalAjaxEvents) {

    // Construct the url
    var url = pageName + "/" + methodName;    

    var triggerGlobalEvents = true;
    if (disableGlobalAjaxEvents && disableGlobalAjaxEvents == true) {
        triggerGlobalEvents = false;
    }

    $.ajax({
        type: httpMethod,
        url: url,
        data: JSON.stringify(inputData),
        contentType: "application/json; charset=utf-8",
        global: triggerGlobalEvents,
        dataType: "json",
        success: function(msg) {
            if (successCallback) {

                var parsedObject = JSON.parse(msg.d);
                successCallback(parsedObject);
            }
        },
        error: function(error, status) {
            if (errorCallback) {
                errorCallback(error, status);
            }
        }
    });

And here is the actual call:

serverCall("POST", "SomePage.aspx", "GetSomething", inpuData, onSuccess, onError, true);

The webmethod:

       [WebMethod(
          CacheDuration = 5,
          EnableSession = true)]
        public static string GetSomething(string user, string item)
{
// In the body i do the HTTPWebRequest that returns JSON
}

回答1:

Ok, problem is solved. It wasn't a security issue after all but a serialization issue. In the webmethod i stored the received object (via HttpWebRequest) in the ASP.NET Session. When deployed, the session is stored in a db and hence the serialization problem. On my machine I used inproc session, that is why it worked on my machine.