Click here to Skip to main content
15,899,474 members
Search within:


Unable to pass authenticationtoken in ajax call header. jquery and web api cross browser issue.
Please Sign up or sign in to vote.
0.00/5 (No votes)
Hi,

I am trying to pass UserToken (authentication token) in ajax call for ASP.WEB API service call.
I am getting below error message.

XMLHttpRequest cannot load http://localhost:7532/api/Common/GenerateTabs?clickedTab=null&null&_=1407319841857. Request header field UserToken is not allowed by Access-Control-Allow-Headers.

without authentication token in request header i am getting expected result.

JQuery Code
function InvokeService(url, type, successCallBack, data) {
$.ajax({
cache: false,
type: type,
url: url,
data: JSON.stringify(data),
async: false,
crossDomain: true,
headers: { 'UserToken': 'sdsdds' },
success: successCallBack
});
}

Controller
[EnableCors("*", "*", "*")]
public class CommonController : ApiController


Please help me on this.


Request and Response Headers in Chrome

CSS
Remote Address:::1:62649
Request URL:http://localhost:62649/3719bb8e60b3408ba8c8f78600c683f9/arterySignalR/poll?transport=longPolling&connectionToken=AQAAANCMnd8BFdERjHoAwE%2FCl%2BsBAAAAxaKQpDcfv0Si66zDSdEVnwAAAAACAAAAAAADZgAAwAAAABAAAAC4MbGB37h7anBAnSlkI%2FUxAAAAAASAAACgAAAAEAAAAH7EL7d8Z4d77aKn8QYBoiQoAAAAGRQRepJzWrdH245%2F93FzKKvi1MrNcwZ3MqPGYkgq3UHZAGI0GFzOFBQAAABky4zjRalDheZdEnxMWBrj3NNkVg%3D%3D&messageId=d-4FDCCDF0-HS%2C0%7CHV%2C4%7CHW%2C0&requestUrl=http%3A%2F%2Flocalhost%3A38501%2FWebForms%2FHome.aspx%23%2FMainHome&browserName=Chrome&tid=6&_=1407319851932
Request Method:GET
Status Code:200 OK
Request Headersview source
Accept:text/plain, */*; q=0.01
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Host:localhost:62649
Origin:http://localhost:38501
Referer:http://localhost:38501/WebForms/Home.aspx
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36
Query String Parametersview sourceview URL encoded
transport:longPolling
connectionToken:AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAxaKQpDcfv0Si66zDSdEVnwAAAAACAAAAAAADZgAAwAAAABAAAAC4MbGB37h7anBAnSlkI/UxAAAAAASAAACgAAAAEAAAAH7EL7d8Z4d77aKn8QYBoiQoAAAAGRQRepJzWrdH245/93FzKKvi1MrNcwZ3MqPGYkgq3UHZAGI0GFzOFBQAAABky4zjRalDheZdEnxMWBrj3NNkVg==
messageId:d-4FDCCDF0-HS,0|HV,4|HW,0
requestUrl:http://localhost:38501/WebForms/Home.aspx#/MainHome
browserName:Chrome
tid:6
_:1407319851932
Response Headersview source
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://localhost:38501
Content-Type:application/json; charset=UTF-8
Date:Wed, 06 Aug 2014 10:10:58 GMT
Server:Microsoft-HTTPAPI/2.0
Transfer-Encoding:chunked
X-Content-Type-Options:nosniff


Ertot msg
XMLHttpRequest cannot load http://localhost:7532/api/Common/GenerateTabs?clickedTab=null&null&_=1407319841857. Request header field UserToken is not allowed by Access-Control-Allow-Headers.

Thanks
Rajesh K
Posted
Add a Solution
Comments
KVPalem 6-Aug-14 7:42am    
I have done changes as per your suggestion.

now i am getting below error.

XMLHttpRequest cannot load http://localhost:7532/api/Common/GenerateTabs?clickedTab=null&null&_=1407325018374. The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed. Origin 'http://localhost:38501' is therefore not allowed access.

Header is
Remote Address:::1:62649
Request URL:http://localhost:62649/3719bb8e60b3408ba8c8f78600c683f9/arterySignalR/poll?transport=longPolling&connectionToken=AQAAANCMnd8BFdERjHoAwE%2FCl%2BsBAAAAxaKQpDcfv0Si66zDSdEVnwAAAAACAAAAAAADZgAAwAAAABAAAAAoBAsOWvBLSyuu1F0DAGSZAAAAAASAAACgAAAAEAAAAM0hyhIMMQowOl8DYDwsnqkoAAAALFamk526E3K3gssM1MCQa6VIk4iI42%2FzaX6Zrz5dFTIkRffAOLG5ABQAAAAxuYn3oeY%2BvUOBBoNnqKF6o7vDmw%3D%3D&messageId=d-4FDCCDF0-HS%2C0%7CHd%2C4%7CHe%2C0&requestUrl=http%3A%2F%2Flocalhost%3A38501%2FWebForms%2FHome.aspx%23%2FMainHome&browserName=Chrome&tid=1&_=1407325029556
Request Method:GET
Status Code:200 OK
Request Headersview source
Accept:text/plain, */*; q=0.01
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Host:localhost:62649
Origin:http://localhost:38501
Referer:http://localhost:38501/WebForms/Home.aspx
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36
Query String Parametersview sourceview URL encoded
transport:longPolling
connectionToken:AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAxaKQpDcfv0Si66zDSdEVnwAAAAACAAAAAAADZgAAwAAAABAAAAAoBAsOWvBLSyuu1F0DAGSZAAAAAASAAACgAAAAEAAAAM0hyhIMMQowOl8DYDwsnqkoAAAALFamk526E3K3gssM1MCQa6VIk4iI42/zaX6Zrz5dFTIkRffAOLG5ABQAAAAxuYn3oeY+vUOBBoNnqKF6o7vDmw==
messageId:d-4FDCCDF0-HS,0|Hd,4|He,0
requestUrl:http://localhost:38501/WebForms/Home.aspx#/MainHome
browserName:Chrome
tid:1
_:1407325029556
Response Headersview source
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://localhost:38501
Content-Type:application/json; charset=UTF-8
Date:Wed, 06 Aug 2014 11:37:15 GMT
Server:Microsoft-HTTPAPI/2.0
Transfer-Encoding:chunked
X-Content-Type-Options:nosniff

Please help on this

1 solution

It's as it seems. On the target server the Access-Control-Allow-Headers does not contain a header key of UserToken...
You have to include it to enable its use...
You may read about CORS - start here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS[^]
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Web API Cross browser issue
I have a problem in calling web api using jquery
Cross domain call with ajax
unable to call asmx web service through jquery ajax
Cross domain web service call using jquery, web service is hosted on iis6.0
Issue with posting data with custom header to web API
Jquery ajax calling passing data to server
Error in calling cross domain ajax call
Cross browser issues in the jquery calender control
CORS issue when angular and web API(.NET core) is used [SOLVED]

Advertise
Privacy
Cookies
Terms of Use
Last Updated 6 Aug 2014
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web01 2.8:2024-05-14:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900