apologies if the question is dumb, to be honest I myself feel I'm missing something very simple...!
here's the case: we have a web site (A) which uses windows authentication the application calls another web api site (B) hosted on the same server which also uses windows authentication.
with following codes I'm able to call web apis and impersonate the user:
var wi = (System.Security.Principal.WindowsIdentity)System.Web.HttpContext.Current.User.Identity;
wi.Impersonate();
using (var client = new HttpClient(new HttpClientHandler() { UseDefaultCredentials = true }))
{
//call the api ... successfully impersonated!
}
With above I can call web apis on site B from site A (in the server side code).
My problem is on the client side (javascript) that I need to call ajax methods to GET/POST/... web apis. I know I need to add xhrFields to ajax calls:
$.ajax({
url: apiUrl,
type: 'GET',
xhrFields: {
withCredentials: true
},
success: function (res) {
},
error: function (res) {
}
});
However this prompts for credentials, while user already has provided credentials to browse the website A. Any ways to somehow include the credentials (or token) from the session into the ajax call?
thanks in advance,
from How to pass Windows Authentication credential using $.Ajax to Web API service
No comments:
Post a Comment