How to pass authentication header using datajs

Aug 17, 2011 at 1:00 PM

I am following authentication method described athttp://blogs.msdn.com/b/astoriateam/archive/2010/07/21/odata-and-authentication-part-6-custom-basic-authentication.aspx

I am able to consume service using ASP.NET (not a problem at all along with authentication information). Now I would like to create a plain HTML page and access the service using "OData Javascript Library" (datajs).

If I disable authentication and request for data, it works fine. I could not find any sample code on how to send authentication header information using "datajs" (when used with OData.Request and/or OData.Read).

Can anyone help me on this?

Aug 22, 2011 at 8:57 PM

Hello,

You can specify the authentication credentials in the request object that you pass into OData.read or OData.request, as follows:

OData.read({ requestUri: myEndpointUri, user: myUsername, password: myPassword }, function (data) { // success }, ...);

OData.request({ requestUri: myEndpointUri, method: "POST", user: myUsername, password: myPassword }, function (data) { // success }, ...);

Thanks for pointing out that our documentation is missing this information, we will fix this.

Please let us know if you are still having issues.

Thanks,

David

Oct 12, 2012 at 6:57 AM
Edited Oct 12, 2012 at 6:58 AM

Hi David,

I wanted to get some data after logging into website through ODATA.read which is mentioned by you.

But im not able to authnticate to that site.instead it is giving me the error:" Http request failed".i have given the correct url.

whn im trying to Connect to that url by giving password and username it is succesfully loggin in.

Please help me.

here is my code:

function getData()

{

var myUrl="https://cdms.clouddev.aus.hp.com/XRMServices/2011/OrganizationData.svc/";

OData.read({ requestUri: myUrl,user: "xxxxxxxxxxxxx",password: "************"},

function (data) {

alert("data"+JSON.stringify(data));

});

},

function (err){

alert("error"+JSON.stringify(err));

});

}

Thanks,

Teena.

Oct 16, 2012 at 8:44 PM

Hi Teena,

   Which browser are you using? Seems to me that you are doing a cross domain request and not all browsers are ok with that due to the same orgin policy.  Can you please share a network trace of the request and response (please black out username and password :) )

Thanks!

Alex Trigo.

Nov 14, 2012 at 12:24 PM
Edited Nov 14, 2012 at 12:26 PM

Hi,

Hope it's alright if I swoop in and add a question...

I am having a problem accessing my authentication header that I pass through as well.

I call my WCF service as follows:

var url = "http://localhost/myServices/myService.svc/aMethod";
OData.defaultHttpClient.enableJsonpCallback = true;

OData.request(
        {requestUri: url, method: "GET", user: 'Joe', password: 'Soap' },
        function (data, request) {
            // successful
        },
        function (error) {
            // error
        }
)

I then expected to have access to "Joe" and "Soap" in my HTTP module, as well as in Fiddler when I track the requests, but I can't find those values, nor do I see an Authentication Header in the request.

Am I missing something?

 

Thanks, help is much appreciated.

Dave

Nov 15, 2012 at 7:11 PM

Hi Dave,

   I assume that you are doing a cross domain request using JSONP right? Unfortunately, with JSONP there is nothing you can do about setting headers and shaping the request in any other way than the url. This is because on how JSONP works and the fact that it relies on injecting <script> tags in the web page DOM to retrive the data. The only thing that can be changed on a <script> tag is the url it is pointing to. 

   There are some blogs out there that explain some methods that would allow you to do an "authenticated JSONP" but they involve using magic tricks with IFrames and the like.  My suggestion though is that you use a reverse proxy (a dummy service in the same domain as your webapp that just relays the request to the real endpoint in the other domain) or you might try to look into using CORS as well (disclaimer: CORS is still gaining traction and has to be supported by both the browser and the server.)

Regards,

Alex Trigo.