cancel
Showing results for 
Search instead for 
Did you mean: 

web service error 401 at HTTP Basic Authentication with jQuery AJAX requests

ximen
Participant
0 Kudos
3,335

my question: When WEB service AUTHORIZATION is on, use ajax http to display 401 unauthorized, this ajax code does not know how to write the http header

If i don't enable security verification and delete the header in ajax then there will be no problem! Participation URL:link text

1.CREATE web SERVICE at sa 17 with Support WEB CORS

  CREATE SERVICE "testc3"
        TYPE 'JSON'
        AUTHORIZATION on
       methods '*,OPTIONS'
        SECURE OFF
        USER DBA
        AS call "z_get_no"(:no);

open IE or google chrome address:http://127.0.0.1:8098/testc3?no=201917 ,then Directly enter the user name (dba) and password (sql) window,input username and password Show json data. *When using HttpPost for login authentication, the method of processing the username and password in the request header, in the form of Authorization: username password. so post headers "Authorization" : "Basic REJBOm5vcGFzc3dvcmRwZW9wbGVhZG1pbmNoYW5nZWRpdA==" (post.setHeader("Authorization", "Basic "+Base64.encodeBase64((userName+":"+userPass).getBytes())))*

2.user ajax code get sa17 webservice data:

  $.ajax({
    url:  "http://67.220.91.30:8089/testc3",
    type: "GET",

    async: false,
  headers:{
                   "Access-Control-Allow-Origin": "*,OPTIONS",
                   "Access-Control-Allow-Headers": "Authorization",
                   "Authorization" : "Basic REJBOm5vcGFzc3dvcmRwZW9wbGVhZG1pbmNoYW5nZWRpdA=="
                 },
    contentType: "multipart/form-data",
    data:  {

   "no": "201917"   
      },
    dataType: "json",

   success: (resp) => { json = resp;},
    error: (xhr, status, error) => {console.log(error);}
});

3.webservice log error:

[09/02/2020:01:50:12.645 0800] - 0.001 - 67.220.22.30:55071 - 8098 - "OPTIONS /testc3?no=201917 HTTP/1.1" - 401 Authorization Required   - 250 - 
--> Access-Control-Request-Headers: access-control-allow-headers,access-control-allow-origin,authorization    
--> Access-Control-Request-Method: GET
--> Accept: */*
--> Host: 67.220.91.30:8098
--> Origin: http://localhost:50680
--> Accept-Language: en-US,en;q=0.9
--> User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
--> @HttpQueryString: no=201917
--> Accept-Encoding: gzip, deflate
--> Connection: keep-alive

<-- Connection: close
<-- Expires: Sat, 08 Feb 2020 17:50:12 GMT
<-- WWW-Authenticate: Basic realm="gm"
<-- Content-Type: text/html; charset=ISO-8859-1
<-- Date: Sat, 08 Feb 2020 17:50:12 GMT
<-- Server: SQLAnywhere/17.0.10.5963

4. If i don't enable security verification and delete the header in ajax then there will be no problem!

CREATE SERVICE "testc3"
        TYPE 'JSON'
        AUTHORIZATION off
       methods '*,OPTIONS'
        SECURE OFF
        USER DBA
        AS call "z_get_no"(:no);

Accepted Solutions (0)

Answers (0)