jmh

Reputation: 9356

Chrome: How to get ajax request to work with kerberos if not already authenticated

We have a REST API secured using Kerberos. Hosted elsewhere is a webapp that calls this API.

If you navigate directly to the API, then the authentication works fine and a cookie is returned. Then the webapp works just fine, since it has a cookie for the API's root URI.

However, if you navigate to the webapp and it makes an HTTP GET request to the API using AJAX, then the request returns 401 Unauthorized together with WWW-Authenticate: Negotiate. If I navigate to the same address, Chrome would negotiate and get authenticated, but in this case it stops at this point.

There are various ugly hacks to get around the problem, like creating an IFRAME that sources some part of the API, or redirecting the user to the API and having it bounce the user back using a 307, but these are clearly not optimal.

It works fine in IE7.

What is the correct way to deal with this?

Upvotes: 2

Views: 3456

Answers (1)

jmh

Reputation: 9356

I figured out the issue. The REST API had an additional authentication layer that used the "Authorization" HTTP header to set an API key. After removing this security layer, everything worked fine.

I'm going to leave this question up in case anybody else makes the same mistake.

Upvotes: 1
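As an added example (not code from the original question or answer), the JavaScript below models the exchange the question and answer describe, so the failure mode can be run and inspected offline under Node. The browser and server in it are deliberately simplified simulations: no real SPNEGO token is produced, the Kerberos layer only checks that the Authorization header starts with "Negotiate ", and the header name `X-Api-Key`, the sample key and the placeholder token are constructed assumptions, not values from the page. The model also goes one step beyond the answer: besides removing the API-key layer, it shows that keeping the key but carrying it in its own header leaves Authorization free for the browser's Negotiate handshake.

```javascript
// Added example, not from the original post. "Browser" and "server" below are
// simplified models (assumptions) of HTTP Negotiate auth; nothing here performs
// real Kerberos/SPNEGO.

const SPNEGO_TOKEN = "YIIC...constructed-placeholder"; // constructed, not a real token
const API_KEY = "k-12345";                              // constructed sample key

// Case-insensitive header lookup on a plain object of headers.
function getHeader(headers, name) {
  const key = Object.keys(headers).find(h => h.toLowerCase() === name.toLowerCase());
  return key ? headers[key] : "";
}

// Browser model. A browser answers 401 + "WWW-Authenticate: Negotiate" by
// retrying with "Authorization: Negotiate <token>" only when the page script
// did not set Authorization itself. A script-supplied Authorization header is
// sent as-is, no automatic retry happens, and the 401 is returned to the script.
function browserFetch(server, scriptHeaders = {}) {
  const first = server({ ...scriptHeaders });
  const challenge = getHeader(first.headers, "WWW-Authenticate");
  const scriptSetAuth = getHeader(scriptHeaders, "Authorization") !== "";
  if (first.status === 401 && /^negotiate\b/i.test(challenge) && !scriptSetAuth) {
    return server({ ...scriptHeaders, Authorization: `Negotiate ${SPNEGO_TOKEN}` });
  }
  return first;
}

// Server model: a Kerberos layer that must see "Authorization: Negotiate ...",
// followed by an optional API-key layer that reads the key from a configurable
// header. apiKeyHeader === "Authorization" reproduces the setup in the answer;
// null reproduces the answer's fix of removing that layer.
function makeServer({ apiKeyHeader = null } = {}) {
  return function handle(headers) {
    const auth = getHeader(headers, "Authorization");
    if (!auth.startsWith("Negotiate ")) {
      // Challenge: the only thing the Kerberos layer can do without a token.
      return { status: 401, headers: { "WWW-Authenticate": "Negotiate" } };
    }
    if (apiKeyHeader !== null) {
      const presented = getHeader(headers, apiKeyHeader).replace(/^ApiKey\s+/i, "");
      if (presented !== API_KEY) return { status: 403, headers: {} };
    }
    return { status: 200, headers: {} };
  };
}

// Runs the three configurations and returns the HTTP status each one yields.
function scenarios() {
  // 1. Original setup: the script puts the API key in Authorization. That
  //    header is now occupied, the browser never retries with Negotiate, and
  //    the script sees the 401 + WWW-Authenticate: Negotiate from the question.
  const original = makeServer({ apiKeyHeader: "Authorization" });
  const r1 = browserFetch(original, { Authorization: `ApiKey ${API_KEY}` });

  // 2. The answer's fix: the API-key layer is removed, the script sets no
  //    Authorization header, and the browser completes Negotiate on its own.
  const keyLayerRemoved = makeServer();
  const r2 = browserFetch(keyLayerRemoved, {});

  // 3. Alternative that keeps the key: carry it in a dedicated header so
  //    Authorization stays free for the browser. A request without the key
  //    still passes Kerberos but is rejected by the key layer.
  const keyInOwnHeader = makeServer({ apiKeyHeader: "X-Api-Key" });
  const r3 = browserFetch(keyInOwnHeader, { "X-Api-Key": API_KEY });
  const r4 = browserFetch(keyInOwnHeader, {});

  return {
    original: r1.status,          // 401
    keyLayerRemoved: r2.status,   // 200
    keyInOwnHeader: r3.status,    // 200
    missingKey: r4.status,        // 403
  };
}

console.log(JSON.stringify(scenarios()));
```

Two caveats the model leaves out, both relevant to the cross-origin setup in the question: a cross-origin XHR or fetch only participates in Negotiate and only sends or stores the API's cookie when it is made with credentials (`xhr.withCredentials = true` or `fetch(url, { credentials: "include" })`), and the API must then answer with `Access-Control-Allow-Credentials: true` and an explicit `Access-Control-Allow-Origin` rather than `*`; and Chrome only offers Negotiate to hosts it is configured to trust (the `AuthServerAllowlist` policy, or its intranet-zone heuristics), so an API on a different host may need to be listed there before any of this applies.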
