JQuery的Ajax和HTTP基本认证要求 [英] JQuery Ajax calls with HTTP Basic Authentication

问题描述

我有一个基于REST的服务器，我想使用jQuery来沟通。 XML和JSON可作为响应格式，所以我使用JSON。

I have a REST based server which I am trying to communicate with using JQuery. Both XML and JSON are available as response formats, so I am using JSON.

的连接都是SSL，以便HTTP基本认证一直是我们的授权方法的选择，我们已经没有任何问题与其他前端（原始的Javascript，Silverlight的，等...）

The connections are all SSL so HTTP Basic Authentication has been our authorization method of choice, and we have had no problems with other front ends (raw Javascript, Silverlight, etc...)

现在我试图把一些与jQuery和具有使用HTTP基本验证不已的问题。

Now I am attempting to put something together with JQuery and having endless problems using HTTP Basic Authentication.

我已经经历了无数previous问题冲刷其中大多数要么解决方案，似乎没有实际工作，或责怪整个问题的跨出身的访问，这是我已经克服了基本的JavaScript测试。的回答总是提供访问控制 - 允许 - 原产地设置为在请求中提供产地头，这样就可以在我的测试中的反应可以看出。

I have scoured through numerous previous questions most of which either have solutions that do not seem to actually work or blame the entire problem on cross origin access, which I have already overcome in basic Javascript testing. The responses always provide Access-Control-Allow-Origin set to the provided Origin header in the request, and this can be seen in the responses of my tests.

在基本的JavaScript，这整个调用非常简单地实现与

In basic javascript, this entire call is very simply accomplished with:

req.open('GET', 'https://researchdev-vm:8111/card', true, 'test', 'testpassword');

jQuery的尝试，这是相当标准：

The JQuery attempt at this is fairly standard:

        $.ajax({
        username: 'test',
        password: 'testpassword',
        url: 'https://researchdev-vm:8111/card',
        type: 'GET',
        dataType: 'json',
        crossDomain: true,
        /*data: { username: 'test', password: 'testpassword' },*/
        beforeSend: function(xhr){
            xhr.setRequestHeader("Authorization",
                //"Basic " + encodeBase64(username + ":" + password));
                "Basic AAAAAAAAAAAAAAAAAAA=");
        },
        sucess: function(result) {
            out('done');
        }
    });

这实际上似乎合作，提供认证的唯一方法是直接插入Base64编码的恩在 beforeSend（）函数codeD数据。如果这不包括在内，也没有任何进展制成。用户名和密码属性似乎被完全忽略。

The only method that actually seems to work to provide authentication is the direct insertion of the Base64 encoded data in the beforeSend() function. If this is not included, there is no progress made whatsoever. Username and password properties seem to be ignored entirely.

随着 beforeSend（）行为的规定，GET调用获取数据的积极响应包括在内。但是，由于这是一个跨站点调用，一个OPTIONS调用执行提前GET调用的，总是失败，因为它并没有使用 beforeSend的（），因此得到401回应因身份验证失败。

With the beforeSend() behavior provided, the GET call gets a positive response with data included. However, because this is a cross site call, an OPTIONS call is performed ahead of the GET call and always fails, because it does not make use of beforeSend() and therefore gets a 401 response due to failed authentication.

有没有更好的方式来完成的任务应该是一个很琐碎的电话吗？如果事实OPTIONS请求不使用的 beforeSend（）函数处理被认为是一个错误？有没有可能是一种方法来禁用选项检查完全？这是不可能的，使这个电话不是跨站点，以JavaScript似乎在同一台机器上的考虑，甚至不同的端口号为跨站。

Is there a better way to accomplish what should be a very trivial call? Should the fact that the OPTIONS request does not make use of the beforeSend() function processing be considered a bug? Is there perhaps a way to disable the OPTIONS check entirely? It is not possible to make this call not cross-site, as Javascript seems to consider even a different port number on the same machine as "cross-site".

推荐答案

此问题可能是早已过了有效期，但我正在用同样的事jQuery和遇到了同样的问题。

This question is probably well past its' expiry date, but I was working with the same thing with Jquery and came across the same problem.

似乎用户名和密码属性不会做一个base64连接$ C $的用户名/密码了C为你做正常完成HTTP基本身份验证。

The username and password attributes do not seem to do a base64 encode of the username/password as you do to normally accomplish HTTP basic auth.

请看下面的请求（简称为简洁起见），先使用用户名和密码参数中的JQuery的AJAX方法：

Look at the following requests (shortened for brevity), firstly using the "username" and "password" parameters in the JQuery AJAX method:

Request URL:http://testuser%40omnisoft.com:testuser@localhost:60023/Account
Request Method:GET
Accept:application/json, text/javascript, */*; q=0.01
Host:localhost:60023

现在用beforeSend方法：

And now with the beforeSend method:

Request URL:http://localhost:60023/Account
Request Method:GET
Accept:application/json, text/javascript, */*; q=0.01
Authorization:Basic dXNlcm5hbWU6cGFzc3dvcmQ=
Host:localhost:60023

请注意，第一个方法不包括在请求中的授权头，而是prefixes目标URL。我在HTTP基本身份验证方面的专家，但它表明，前者不是一个正确执行，因此失败（或至少它与我自己的服务器实现）。

Note that the first method does not include an 'Authorization' header in the request, but instead prefixes the target URL. I'm no expert on HTTP basic auth, but it would indicate that the former is not a proper implementation and therefore fails (or at least it does with my own server implementation).

至于你的选择要求使用JSONP - ？你可能尝试使用回调= 在您的网址，而不是使用跨域选项，仅仅是明确的。

As to your OPTIONS request using JSONP - you could possibly try using ?callback=? in your URL instead of using the crossdomain option, just to be explicit.

这篇关于JQuery的Ajax和HTTP基本认证要求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！