Status: Unconfirmed
Owner: ----
Labels: Type-Bug Pri-2 OS-All Area-Misc
New issue 24794 by one.goofy.mystery: Xmlhttprequest works fine, except
when using integrated security
http://code.google.com/p/chromium/issues/detail?id=24794
Chrome Version : <Copy from: 'about:version'>
URLs (if applicable) :
Other browsers tested:
Add OK or FAIL after other browsers where you have tested this issue:
Safari 4:
Firefox 3.x: OK
IE 7: FAIL
IE 8:
What steps will reproduce the problem?
1. setup Secured webservice (integrated security) and page with
xmlHttpRequest to that webservice.
2. !Important. Place both on a server within your network, not on
localhost.
3. Try calling the webservice (POST, with arguments)
What is the expected result?
Authentication by server, normal response
What happens instead?
401.1 authentication failed
Full info:
All my tests (using ExtJS mostly) ran excellent with no problem at
all. Until I moved from testing on localhost to testing on a server
within the network.
I came to a rather strange behavior. All my XmlHttpRequests using
method "GET" ran fine, but all "POST" methods failed. Returning a
401.1 authentication failed. As backend I'm using a .net 2.0 (i know,
a bit behind here) webservice within a virtual directory secured by
Integrated Windows Authentication. I turned on anonymous
authentication and all worked just fine.
So in short, there might be an issue with method "POST" and sending
Kerberos authentication info. Though no problem using method "GET".
Fiddler does react with following message:
-------------------------------------------------------------
Fiddler has detected a protocol violation in session #307.
Content-Length mismatch: Request Header claimed 0 bytes, but sent 214
bytes.
Request:
--------------
POST /eBook/Webservices/DataProvider.asmx/GetData HTTP/1.1
Accept: */*
Origin: http://bebrusmeyebo01:82
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://bebrusmeyebo01:82/eBook/singlepage.aspx
UA-CPU: x86
Accept-Encoding: gzip, deflate
Content-Length: 0
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
chromeframe; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1)
Host: bebrusmeyebo01:82
Connection: Keep-Alive
Pragma: no-cache
Cookie: ASP.NET_SessionId=5wq3jvuaaqv3s055kfjc01bh; eBook.Culture=nl-
BE; ys-specificVersion=s%3A1.6.1; ys-win-reportupload=o%3Awidth%3Dn
%253A225%5Eheight%3Dn%253A176%5Ex%3Dn%253A578%5Ey%3Dn%253A273; ys-
win_ws_BTWApp=null; ys-clienstGrid=o%3Acolumns%3Da%253Ao%25253Aid
%25253Ds%2525253Anumberer%25255Ewidth%25253Dn%2525253A23%255Eo%25253Aid
%25253Dn%2525253A1%25255Ewidth%25253Dn%2525253A120%255Eo%25253Aid
%25253Dn%2525253A2%25255Ewidth%25253Dn%2525253A306%255Eo%25253Aid
%25253Dn%2525253A3%25255Ewidth%25253Dn%2525253A120%255Eo%25253Aid
%25253Dn%2525253A4%25255Ewidth%25253Dn%2525253A120%255Eo%25253Aid
%25253Dn%2525253A5%25255Ewidth%25253Dn%2525253A120%255Eo%25253Aid
%25253Dn%2525253A6%25255Ewidth%25253Dn%2525253A120
Authorization: Negotiate
TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
person=999999999&client=0&file=&culture=nl-
BE&requests=filetypes&requests=importtypes&requests=worksheets&requests=boo
kingtypes&requests=metadata_lookup&cacheKey=default
Response:
---------------
HTTP/1.1 401 Unauthorized
Content-Length: 1539
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
TlRMTVNTUAACAAAACAAIADgAAAAFgomic5FM0iJyFRcAAAAAAAAAAJIAkgBAAAAABQLODgAAAA9
FAFUAUgBXAAIACABFAFUAUgBXAAEAHABCAEUAQgBSAFUAUwBNAEUAWQBFAEIATwAwADEABAAWAG
UAdQByAHcALgBlAHkALgBuAGUAdAADADQAYgBlAGIAcgB1AHMAbQBlAHkAZQBiAG8AMAAxAC4AZ
QB1AHIAdwAuAGUAeQAuAG4AZQB0AAUADABlAHkALgBuAGUAdAAAAAAA
X-Powered-By: ASP.NET
Date: Mon, 12 Oct 2009 11:06:52 GMT
Proxy-Support: Session-Based-Authentication
After some further testing, I've noticed the following:
If I open the debugger and turn on resource tracking, I get a logon box
from chrome. When I fill in my credentials, POST as described above does
work for that entire session. Unfortunately, I haven't been able to catch
that request in fiddler.
Cheers,
...Tim
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--~--~---------~--~----~------------~-------~--~----~
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs
-~----------~----~----~----~------~----~------~--~---
