views:

151

answers:

1

We are running windows IIS 6 and use it's native ability to protect files with Windows Authentication as our login method.

It works fine, except that when I try to post method XMLHttpRequest from IE i get the login dialog again, which causes the request to fail. The weird thing is that Mozilla and Safari work well.

Is there something I can do with the headers or something to make IIS recognize it as the same session, and not promt a re-login?

function ajaxQuery(method, url, params, asynchronous, readyFunction, is_done) {
    if (asynchronous == null) {
        asynchronous = true;
    }
    //alert("URL: "+url);
    if (window.XMLHttpRequest) { // code for IE7+, Firefox, Chrome, Opera, Safari
        xmlhttp = new XMLHttpRequest();
    }
    else { // code for IE6, IE5
        xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
    }
    xmlhttp.onreadystatechange = function () {
        if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
            readyFunction(xmlhttp.responseText);
            if (is_done) {
                is_done("ok");
            }
        }
    }
    if (method.toLowerCase() == "get") {
        url += "?" + params;
        params = null;
    }
    debug = url;
    xmlhttp.open(method, url, asynchronous);
    if (method.toLowerCase() == "post") {
        xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
        xmlhttp.setRequestHeader("Content-length", params.length);
        xmlhttp.setRequestHeader("Connection", "close");
        debug = params.length;
    }
    xmlhttp.send(params);
}
A: 

Check the response headers coming back. We had the same problem with an app that was (intentionally) returning a 401 code. IIS caught that code and added the WWW-Authenticate header which forces IE to display the login. We were able to fix it by returning 403 instead.

dOpefiSh