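I want to access listdata.svc (a SharePoint service) located on domainA.contoso.com from a web application located on domainB.contoso.com – authentication seems to be the problem.
When trying to access ListData.svc via a JQuery Ajax call, with CORS enabled, the server returns 401. If I run the same query from an .htm page executed from inside SharePoint, the call works fine, since the domain is the same.
SharePoint is using NTLM with anonymous authentication turned off – I assume the 401 is a result of Windows credentials not being passed to the SharePoint server – but I don't know how to add these credentials to the header correctly. I have set xhrFields: { withCredentials: true }, but this does not seem to fix the authentication problem.
To enable CORS, I have set the following HTTP response headers on SharePoint in IIS: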
> Access-Control-Allow-Credentials:true
> Access-Control-Allow-Headers:Origin,Content-Type,Accept
> Access-Control-Allow-Origin:*
> Access-Control-Request-Methods:POST,GET,HEAD,OPTIONS
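Windows authentication is enabled in IIS for my web application, and I have not set the "OPTIONSVerbHandler" HTTP handler in IIS. Turning it to read doesn't seem to make a difference.
JQuery Ajax call (from the application on subdomainB.contoso.com):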

    // listUrl is defined elsewhere and points at the ListData.svc endpoint
    $.ajax({
        type: "GET",
        contentType: "application/json; charset=utf-8",
        url: listUrl,
        xhrFields: { withCredentials: true },
        crossDomain: true,
        processData: false,
        async: true,
        dataType: "json",
        converters: {
            // WCF Data Service .NET 3.5 incorrectly escapes single quotes, which is clearly
            // not required (and incorrect) in JSON specs.
            // http://bugs.jquery.com/ticket/8320?cversion=0&cnum_hist=1
            "text json": function (textValue) {
                return jQuery.parseJSON(textValue.replace(/(^|[^\\])\\'/g, "$1'"));
            }
        },
        success: function (data, status, xhr) {
            //successFunc(data.d.results);
            alert("working!");
        },
        error: function (xhr, error) {
            alert("failure!");
        }
    });

HTTP headers and the 401 response:

    Key                               Value
    Request                           OPTIONS /_vti_bin/ListData.svc/Contacts HTTP/1.1
    Accept                            */*
    Origin                            http://domainB.contoso.com
    Access-Control-Request-Method     GET
    Access-Control-Request-Headers    content-type,accept
    Accept-Encoding                   gzip,deflate
    User-Agent                        Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
    Host                              domainA.contoso.com
    Content-Length                    0
    DNT                               1
    Connection                        Keep-Alive
    Cache-Control                     no-cache

    Key                               Value
    Response                          HTTP/1.1 401 Unauthorized
    Server                            Microsoft-IIS/7.5
    SPRequestGuid                     1e33061c-f555-451b-9d69-0d83eff5f5ea
    WWW-Authenticate                  NTLM
    X-Powered-By                      ASP.NET
    MicrosoftSharePointTeamServices   14.0.0.4762
    Access-Control-Allow-Headers      Origin,Accept
    Access-Control-Allow-Origin       *
    Access-Control-Request-Methods    POST,OPTIONS
    Access-Control-Allow-Credentials  true
    Date                              Wed,15 May 2013 15:04:51 GMT
    Content-Length                    0
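
The preflight exchange quoted in the question can be checked mechanically against the rules a browser applies before it sends a credentialed cross-origin request. The following is an added example, not code from the original post; `checkPreflight`, its finding labels and the `constructedResponse` sample are assumptions made for illustration.

```javascript
// Added example (not from the original post). Names are hypothetical.
// Checks one captured preflight exchange against the CORS rules a browser
// applies before sending a credentialed cross-origin request.
function checkPreflight(req, res, withCredentials) {
  const lower = (h) => Object.fromEntries(
    Object.entries(h).map(([k, v]) => [k.toLowerCase(), String(v).trim()]));
  const list = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
  const rq = lower(req.headers), rs = lower(res.headers), findings = [];

  // The preflight OPTIONS carries no credentials, so it must succeed anonymously.
  if (res.status < 200 || res.status > 299) findings.push("preflight-status-" + res.status);

  const origin = rs["access-control-allow-origin"];
  if (withCredentials && origin === "*") findings.push("wildcard-origin-with-credentials");
  else if (origin !== "*" && origin !== rq["origin"]) findings.push("origin-not-allowed");
  if (withCredentials && rs["access-control-allow-credentials"] !== "true")
    findings.push("allow-credentials-missing");

  // GET, HEAD and POST are safelisted; other methods must be listed explicitly.
  const method = (rq["access-control-request-method"] || "").toLowerCase();
  if (!["get", "head", "post"].includes(method) &&
      !list(rs["access-control-allow-methods"]).includes(method))
    findings.push("method-not-allowed:" + method);

  // Conservative: every header the browser announced must be allowed by name.
  const allowed = list(rs["access-control-allow-headers"]);
  for (const h of list(rq["access-control-request-headers"]))
    if (!allowed.includes(h)) findings.push("header-not-allowed:" + h);

  // Access-Control-Request-* are request headers; a response copy has no effect.
  for (const name of Object.keys(rs))
    if (name.startsWith("access-control-request-")) findings.push("request-header-in-response:" + name);
  return findings;
}

// Transcribed from the exchange quoted in the question.
const capturedRequest = { headers: { "Origin": "http://domainB.contoso.com",
  "Access-Control-Request-Method": "GET",
  "Access-Control-Request-Headers": "content-type,accept" } };
const capturedResponse = { status: 401, headers: { "WWW-Authenticate": "NTLM",
  "Access-Control-Allow-Headers": "Origin,Accept", "Access-Control-Allow-Origin": "*",
  "Access-Control-Request-Methods": "POST,OPTIONS", "Access-Control-Allow-Credentials": "true" } };
// Constructed for comparison: a preflight response that satisfies every check.
const constructedResponse = { status: 200, headers: {
  "Access-Control-Allow-Origin": "http://domainB.contoso.com",
  "Access-Control-Allow-Credentials": "true",
  "Access-Control-Allow-Headers": "Content-Type,Accept" } };

console.log(checkPreflight(capturedRequest, capturedResponse, true));
console.log(checkPreflight(capturedRequest, constructedResponse, true));
```

Each finding names one condition under which the browser rejects the preflight or ignores the header, so the list for the captured response shows which server-side settings to revisit.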