I'm trying to implement a cross-domain request and am failing miserably. I'm trying this on latest versions of Firefox, Chrome, and IE10. I'm getting the same experience in all browsers. I'm trying to set either the Authentication header or a custom header key/value pair so I can pick up the value on my server. I'm using jQuery 2.03.
$.ajax({
type: "GET",
beforeSend: function (xhr, settings)
{
$.extend(settings, { headers: { "Authorization": "121212" } });
},
url: url,
dataType: "json",
processData: false,
crossDomain: true,
success: function (msg)
{
alert('it works!!!');
},
error: function (jqXHR, textStatus, errorThrown)
{
alert("error dude: " + JSON.stringify(jqXHR));
}
});
The Authorization header value on the server is null. I've tried replacing Authorization with a custom key and it doesn't get set. I've tried adding this to the ajax call:
headers: { Authorization: "fooooo" },
But doing so results in the ajax call never reaching the server. My breakpoints are never reached when I add headers: attribute to the ajax call. However, if I leave this out, then my breakpoints are hit.
I'm making a call to ASP.Net MVC WebApi controller. I have a Handler created to intercept the request and retrieve the Authorization value so I can authenticate the user for their trip to my WebAPI:
public class AuthorizationHeaderHandler : DelegatingHandler
{
protected override Task<HttpResponseMessage> SendAsync
(
HttpRequestMessage request,
CancellationToken cancellationToken
)
{
IEnumerable<string> apiKeyHeaderValues;
if (request.Headers.TryGetValues("Authorization", out apiKeyHeaderValues))
{
var apiKeyHeaderValue = apiKeyHeaderValues.First();
var user = SecurityRepository.GetUserByUserKey(apiKeyHeaderValue);
IList<Claim> claimList = new List<Claim>();
claimList.Add(new Claim(ClaimTypes.Name, user.Name));
claimList.Add(new Claim(GALClaimTypes.UserKey, user.UserKey.ToString(CultureInfo.InvariantCulture)));
claimList.Add(new Claim(GALClaimTypes.AuthenticationId, user.AuthenticationId.ToString(CultureInfo.InvariantCulture)));
claimList.Add(new Claim(GALClaimTypes.PersonId, user.PersonId.ToString(CultureInfo.InvariantCulture)));
claimList.Add(user.EmailAddress != null
? new Claim(ClaimTypes.Email, user.EmailAddress)
: new Claim(ClaimTypes.Email, "unknown"));
var identity = new ClaimsIdentity(claimList, "ApiKey");
var principal = new ClaimsPrincipal(identity);
Thread.CurrentPrincipal = principal;
}
return base.SendAsync(request, cancellationToken);
}
}
This code never fires because the Authorization cannot be set. What am I missing. I've read a lot of posts that seem to use my approach and it seems to work for them. Any insight is greatly appreciated. Thanks for your help.