3

I'm using ServiceStack to write a REST based service, but as part of the authentication, I need to authorize cross-domain, but cookies can't be read cross-domain, so even though my JSON POST to the authenticate service succeeds and returns the SetCookie results, it will never see that cookie as it can't see it.

Question is, is there any other way around this, maybe I can provide the same value via a request header or something?

dariusriggins
  • 1,394
  • 1
  • 14
  • 30

2 Answers2

2

You can pass cookies in a cross domain request if both the client and the receiver allow it. Have a look at this link here

Bigtoe
  • 2,912
  • 1
  • 26
  • 42
1

You can use HTTP BasicAuth HTTP Headers with your Ajax Request, the server will need to have the BasicAuthProvider() enabled, e.g:

Plugins.Add(new AuthFeature(
    () => new CustomUserSession(), //Use your own typed Custom UserSession type
    new IAuthProvider[] {
        new BasicAuthProvider(), //Sign-in with Basic Auth
        //... other providers
    }));

Though note that BasicAuth is just an Base64 encoded version of your UserName/Password so this should ideally happen over SSL.

See this answer for how to add BasicAuth headers using jQuery.

Community
  • 1
  • 1
mythz
  • 134,801
  • 25
  • 234
  • 373
  • I'm sure this is the correct way to do this, but I ended up just using the withAuth flag to set the cookie cross domain. That was the easiest way for me while still keeping my existing authorization provider. – dariusriggins Dec 06 '12 at 21:45
  • Cool, yeah there's plenty of options - the path of least resistance is the best choice :) – mythz Dec 06 '12 at 21:50