尝试实施SharePoint的CORS时，会出现401 [英] 401 when trying to implement CORS for SharePoint

问题描述

我想从位于domainB.contoso.com上的网络应用程序访问位于domainA.contoso.com上的listdata.svc（共享点服务） - 验证似乎是一个问题。

当尝试通过JQuery Ajax调用访问ListData.svc并启用CORS时，服务器返回401.如果我从从SharePoint内部执行的.htm页面运行相同的查询，工作正常，因为域是相同的。

SharePoint正在使用匿名认证关闭的NTLM - 我假设401是Windows凭据未传递到SharePoint服务器的结果 - 但我在亏损如何将这些凭证正确添加到标题。 我已设置xhrFields：{withCredentials：true}，但这似乎不能更正身份验证问题。

，我已在IIS中的SharePoint上设置以下HTTP响应标头：

• 访问控制允许凭据： / li>
  
• Access-Control-Allow-Headers：Origin，Content-Type，Accept


• Access-Control-Allow-Origin：*


• Access-Control-Request-Methods：POST，GET，HEAD，OPTIONS

对于我的web应用程序，我没有在IIS中设置OPTIONSVerbHandlerHTTP处理程序。

JQuery Ajax调用（来自subdomainB.contoso.com上的应用程序）：

  $ .ajax（{
 type：GET，
 contentType：application / json; charset = utf-8，
 url：listUrl，
 xhrFields：{withCredentials：true}，
 crossDomain：true，
 processData：false，
 async：true， 
 dataType：json，
转换器：{
 // WCF数据服务.NET 3.5错误地转义单引号，这显然是
 //不需要JSON规格
 // http://bugs.jquery.com/ticket/8320?cversion=0&cnum_hist=1 
text json：function（textValue）{
 return jQuery .parseJSON（textValue.replace（/（^ | [^ \\]）\\'/ g，$ 1'））; 
} 
}，
 ：function（data，status，xhr）{
 //successFunc(data.d.results）; 
 alert（working！）; 
}，
 error：function（xhr，status，error）{
 alert（failure！ 
} 
}）; 
  

HTTP标头和401回应：

键值
请求选项/_vti_bin/ListData.svc/Contacts HTTP / 1.1
接受* / *
原始http： //domainB.contoso.com
Access-Control-Request-Method GET
Access-Control-Request-Headers content-type，accept
Accept-Encoding gzip，deflate
-Agent Mozilla / 5.0（兼容; MSIE 10.0; Windows NT 6.1; WOW64; Trident / 6.0）
主机域A.contoso.com
内容长度0
DNT 1
连接Keep-Alive
Cache-Control no-cache

键值
响应HTTP / 1.1 401未授权
服务器Microsoft-IIS / 7.5
SPRequestGuid 1e33061c- f555-451b-9d69-0d83eff5f5ea
WWW验证NTLM
X-Powered-通过ASP.NET
MicrosoftSharePointTeamServices 14.0.0.4762
访问控制允许标头Origin，Content-类型，接受
访问控制允许原点*
访问控制请求方法POST，GET，HEAD，选项
访问控制允许认证真
日期Wed，15 May 2013 15:04:51 GMT
Content-Length 0


方案

迟到响应，但我发现了另一个线程这里有一个容易的解决方案为IIS和为我工作。

基本上CORS标准规定预检请求不应该发送任何认证信息，因此401.在该线程中有一个例子，限制匿名请求OPTIONS动词，允许200响应预检（OPTIONS）动词）请求，但仍需要其他人的身份验证。

I would like to access listdata.svc (a sharepoint service) located on domainA.contoso.com from a web application located on domainB.contoso.com - Authentication seems to be an issue.

When attempting to access ListData.svc via a JQuery Ajax call, with CORS enabled, the server returns 401. If I run the same Query from an .htm page which I execute from inside of SharePoint, the call works fine, since the domain is the same.

SharePoint is using NTLM with anonymous authentication turned off - I presume that the 401 is a result of windows credentials not being passed to the SharePoint server - but I am at a loss of how to add these credentials properly to the header. I have set xhrFields: { withCredentials: true }, but this does not seem to correct the authentication issue.

To enabled CORS, I have set the following HTTP Response Headers on SharePoint in IIS:

• Access-Control-Allow-Credentials: true
• Access-Control-Allow-Headers:Origin, Content-Type, Accept
• Access-Control-Allow-Origin: *
• Access-Control-Request-Methods: POST, GET, HEAD, OPTIONS

Windows Authentication is enabled in IIS for my web application, and I did not set the "OPTIONSVerbHandler" HTTP Handler in IIS. Turning it to read doesn't seem to make a difference.

JQuery Ajax call (from application on subdomainB.contoso.com):

 $.ajax({
        type: "GET",
        contentType: "application/json; charset=utf-8",
        url: listUrl,
        xhrFields: { withCredentials: true },
        crossDomain:true,  
        processData: false,
        async: true,
        dataType: "json",
        converters: {
            // WCF Data Service .NET 3.5 incorrectly escapes singles quotes, which is clearly
            // not required (and incorrect) in JSON specs.
            // http://bugs.jquery.com/ticket/8320?cversion=0&cnum_hist=1
            "text json": function (textValue) {
                return jQuery.parseJSON(textValue.replace(/(^|[^\\])\\'/g, "$1'"));
            }
        },
        success: function (data, status, xhr) {
            //successFunc(data.d.results);
            alert("working!");
        },
        error: function (xhr, status, error) {
            alert("failure!");
        }
    });

HTTP Header and 401 Response:

Key Value
Request OPTIONS /_vti_bin/ListData.svc/Contacts HTTP/1.1
Accept  */*
Origin  http://domainB.contoso.com
Access-Control-Request-Method   GET
Access-Control-Request-Headers  content-type, accept
Accept-Encoding gzip, deflate
User-Agent  Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host    domainA.contoso.com
Content-Length  0
DNT 1
Connection  Keep-Alive
Cache-Control   no-cache

Key Value
Response    HTTP/1.1 401 Unauthorized
Server  Microsoft-IIS/7.5
SPRequestGuid   1e33061c-f555-451b-9d69-0d83eff5f5ea
WWW-Authenticate    NTLM
X-Powered-By    ASP.NET
MicrosoftSharePointTeamServices 14.0.0.4762
Access-Control-Allow-Headers    Origin, Content-Type, Accept
Access-Control-Allow-Origin *
Access-Control-Request-Methods  POST, GET, HEAD, OPTIONS
Access-Control-Allow-Credentials    true
Date    Wed, 15 May 2013 15:04:51 GMT
Content-Length  0

解决方案

Late response, but I found another thread here which has an easy solution for IIS and which worked for me.

Basically the CORS standard specifies that a preflight request should not send any authentication information, thus the 401. In that thread there's an example of restricting anonymous requests to the OPTIONS verb which allows a 200 response to the preflight (OPTIONS) verb) request but still requires the authentication for the others.

这篇关于尝试实施SharePoint的CORS时，会出现401的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！