cancel
Showing results for 
Search instead for 
Did you mean: 

web service error 401 at HTTP Basic Authentication with jQuery AJAX requests

ximen
Participant
0 Kudos
3,274

my question: When WEB service AUTHORIZATION is on, use ajax http to display 401 unauthorized, this ajax code does not know how to write the http header

If i don't enable security verification and delete the header in ajax then there will be no problem! Participation URL:link text

1.CREATE web SERVICE at sa 17 with Support WEB CORS

  CREATE SERVICE "testc3"
        TYPE 'JSON'
        AUTHORIZATION on
       methods '*,OPTIONS'
        SECURE OFF
        USER DBA
        AS call "z_get_no"(:no);

open IE or google chrome address:http://127.0.0.1:8098/testc3?no=201917 ,then Directly enter the user name (dba) and password (sql) window,input username and password Show json data. *When using HttpPost for login authentication, the method of processing the username and password in the request header, in the form of Authorization: username password. so post headers "Authorization" : "Basic REJBOm5vcGFzc3dvcmRwZW9wbGVhZG1pbmNoYW5nZWRpdA==" (post.setHeader("Authorization", "Basic "+Base64.encodeBase64((userName+":"+userPass).getBytes())))*

2.user ajax code get sa17 webservice data:

  $.ajax({
    url:  "http://67.220.91.30:8089/testc3",
    type: "GET",

    async: false,
  headers:{
                   "Access-Control-Allow-Origin": "*,OPTIONS",
                   "Access-Control-Allow-Headers": "Authorization",
                   "Authorization" : "Basic REJBOm5vcGFzc3dvcmRwZW9wbGVhZG1pbmNoYW5nZWRpdA=="
                 },
    contentType: "multipart/form-data",
    data:  {

   "no": "201917"   
      },
    dataType: "json",

   success: (resp) => { json = resp;},
    error: (xhr, status, error) => {console.log(error);}
});

3.webservice log error:

[09/02/2020:01:50:12.645 0800] - 0.001 - 67.220.22.30:55071 - 8098 - "OPTIONS /testc3?no=201917 HTTP/1.1" - 401 Authorization Required   - 250 - 
--> Access-Control-Request-Headers: access-control-allow-headers,access-control-allow-origin,authorization    
--> Access-Control-Request-Method: GET
--> Accept: */*
--> Host: 67.220.91.30:8098
--> Origin: http://localhost:50680
--> Accept-Language: en-US,en;q=0.9
--> User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
--> @HttpQueryString: no=201917
--> Accept-Encoding: gzip, deflate
--> Connection: keep-alive

<-- Connection: close
<-- Expires: Sat, 08 Feb 2020 17:50:12 GMT
<-- WWW-Authenticate: Basic realm="gm"
<-- Content-Type: text/html; charset=ISO-8859-1
<-- Date: Sat, 08 Feb 2020 17:50:12 GMT
<-- Server: SQLAnywhere/17.0.10.5963

4. If i don't enable security verification and delete the header in ajax then there will be no problem!

CREATE SERVICE "testc3"
        TYPE 'JSON'
        AUTHORIZATION off
       methods '*,OPTIONS'
        SECURE OFF
        USER DBA
        AS call "z_get_no"(:no);
VolkerBarth
Contributor
0 Kudos

So what is your question?

ximen
Participant
0 Kudos

When WEB service AUTHORIZATION is on, use ajax http to display 401 unauthorized, this ajax code does not know how to write the http header

Accepted Solutions (0)

Answers (0)