Javascript – ajax post to SharePoint web services interrupted by ntlm challenges

ajaxjavascriptntlmsharepointxmlhttprequest

I've got a web part that uses javascript heavily in the implementation of a UI. It also makes use of asynchronous XmlHttpRequest requests to some of the SharePoint web services (I'm using SPServices, btw).

For some requests, the user is confronted with NTLM authentication challenges, and after entering credentials, the request completes. This happens 3 times on one page load, although there are more than 3 requests. There are several things about this that I find confusing:

as I said, not all requests have this problem
the user has already accessed the site with NTLM authentication, so why do the ajax requests get challenged?
This is in a Windows domain environment. In a non-domain environment, this problem does not exist (although Windows auth is being used in both).

Of course, all of this is in IE. One thing I tried was to insert the NTLM authentication header into the ajax request, but that didn't change anything (I didn't really think it would, but it was worth a try).

Any suggestions?

Best Answer

It should not be this way. Windows auth is per-process and, if you are already authenticated, you remain authenticated when you load something again, does not matter if it is the browser's main connection or an XHR request.

I have seen this strange behavior in one of our test servers. In that case, also WebDAV access to SharePoint was broken and some times you could not access the \\sharepointserver\sites\somesite paths (but some minutes later you could do it again). It seemed that there was somehing wrong with Kerberos authentication in that case and that wrong tokens were issued sometimes. However, we didn't solve that, just installed a new server and attached content databases to it. That worked :-)

Related Solutions

R – Sharepoint 2007 NTLM issue with ASP.NET Web App hosted on Sharepoint server

Yes, this is related to the double hop issue.
In NTLM, you are not allowed to authenticate to remote services. As you said, you'll need Kerberos to delegate credentials to other services.

Options you may try:

Switch to Kerberos. This is the only correct solution, but it's not so easy as you'll have to create all SPN and be sure port 88 is open.
Install you're ASP.Net application in the SharePoint box and activate DisableLoopbackCheck
Use a service account to log in to SharePoint. In this case, SharePoint won't run under the user account, so you'll have to handle security yourself

Javascript – jQuery Ajax POST example with PHP

Basic usage of .ajax would look something like this:

HTML:

<form id="foo">
    <label for="bar">A bar</label>
    <input id="bar" name="bar" type="text" value="" />

    <input type="submit" value="Send" />
</form>

jQuery:

// Variable to hold request
var request;

// Bind to the submit event of our form
$("#foo").submit(function(event){

    // Prevent default posting of form - put here to work in case of errors
    event.preventDefault();

    // Abort any pending request
    if (request) {
        request.abort();
    }
    // setup some local variables
    var $form = $(this);

    // Let's select and cache all the fields
    var $inputs = $form.find("input, select, button, textarea");

    // Serialize the data in the form
    var serializedData = $form.serialize();

    // Let's disable the inputs for the duration of the Ajax request.
    // Note: we disable elements AFTER the form data has been serialized.
    // Disabled form elements will not be serialized.
    $inputs.prop("disabled", true);

    // Fire off the request to /form.php
    request = $.ajax({
        url: "/form.php",
        type: "post",
        data: serializedData
    });

    // Callback handler that will be called on success
    request.done(function (response, textStatus, jqXHR){
        // Log a message to the console
        console.log("Hooray, it worked!");
    });

    // Callback handler that will be called on failure
    request.fail(function (jqXHR, textStatus, errorThrown){
        // Log the error to the console
        console.error(
            "The following error occurred: "+
            textStatus, errorThrown
        );
    });

    // Callback handler that will be called regardless
    // if the request failed or succeeded
    request.always(function () {
        // Reenable the inputs
        $inputs.prop("disabled", false);
    });

});

Note: Since jQuery 1.8, .success(), .error() and .complete() are deprecated in favor of .done(), .fail() and .always().

Note: Remember that the above snippet has to be done after DOM ready, so you should put it inside a $(document).ready() handler (or use the $() shorthand).

Tip: You can chain the callback handlers like this: $.ajax().done().fail().always();

PHP (that is, form.php):

// You can access the values posted by jQuery.ajax
// through the global variable $_POST, like this:
$bar = isset($_POST['bar']) ? $_POST['bar'] : null;

Note: Always sanitize posted data, to prevent injections and other malicious code.

You could also use the shorthand .post in place of .ajax in the above JavaScript code:

$.post('/form.php', serializedData, function(response) {
    // Log the response to the console
    console.log("Response: "+response);
});

Note: The above JavaScript code is made to work with jQuery 1.8 and later, but it should work with previous versions down to jQuery 1.5.

Best Answer

Related Solutions

R – Sharepoint 2007 NTLM issue with ASP.NET Web App hosted on Sharepoint server

Javascript – jQuery Ajax POST example with PHP

Related Topic