Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
Cross server authentication
Message
De
16/09/2012 03:48:16
Viv Phillips
Hay-On-Wye, Royaume Uni
 
Information générale
Forum:
Internet
Catégorie:
Browsers
Titre:
Re: Cross server authentication
Divers
Thread ID:
01552967
Message ID:
01552985
Vues:
46
Hi,
As mentioned we are using Digest auth which works when the request is not cross-server.

>Different browsers?

Ha! The scenario below was testing with Chrome. With IE it works better:
If the request is from a site on the same server then it makes the OPTIONS request transparently and completes the authorization.
If the request is from a different site entirely then, before making the OPTIONS request it pops up a dialog ("This page is accessing information that is not under its control.....") . If you choose to continue it will complete the authorization.

Looks like the problem lies with Chrome - although I don't know whether this behaviour is by design.....

For our purposes I guess we can live with using IE (although I much prefer the Chrome debugger).

FWIW, at the moment Firefox refuses even to make the initial OPTIONS request but maybe there is a config setting to allow cross-server requests ?

Thx,
Viv

>Have you tried with a different auth mechanism? Different browsers? What's the Auth header from the server requesting (what type of auth?)
>
>Also make sure you have the auth set up properly for the IIS virtual. Best to only have one type of auth plus anonymous (if you use that) - I've had lots of issues with server sending all auth formats and browser not understanding the batch of them.
>
>I would definitely try Windows Auth or Basic temporarily to ensure this isn't a problem with digest auth.
>
>+++ Rick ---
>
>>I've a feeling this may not be doable but:
>>
>>.NET Web Api application with our own message handlers for Authentication and CORS.
>>
>>We are using Digest authentication and, for testing purposes, we are hoping to enable cross server requests. Where no authentication is required cross server works OK - however when authentication IS required the browser does not respond to the challenge.
>>
>>Sequence of events:
>>Browser sends 'OPTIONS' request.
>>Server responds allowing access.
>>Browser resubmits.
>>Server detects authentication requirement and issues challenge.
>>Browser receives the 401 but doesn't respond (I'd expect the browser login window to pop up)
>>
>>Any suggestions ?
Précédent
Suivant
Répondre
Fil
Voir

Click here to load this message in the networking platform