XmlHttpRequest..Open and Windows Authentication
-
When a call to XmlHttpRequest.Open is made to initiate an AJAX callback, does the Windows Authentication ticket of the user ALWAYS get passed? I have a 3rd party application that I'm working on that makes an AJAX call every 5 minutes. On the server side, the code connects to a COM+ object (yes, unfortunately this is an ASP application) proxy, which in turn marshals the actual call to another server where the tied COM+ component lives. This works fine for varying lengths of time, but it never works forever. Eventually, the application will record that NT AUTHORITY\ANONYMOUS LOGON will have made an attempt to create an instance of the COM+ component on the second server, when it SHOULD be the credentials of the logged on user. So somewhere, the user's credentials seem to be getting dropped. To me, it looks like it's an issue with the user's credentials being passed to the server during the AJAX call. Should this always be the case, and if not, when might the credentials not make it up to the server? Anonymous access is disabled on the site (Windows Authentication only), and the impersonation level on the COM+ component is Identify. Thanks in advance. If I haven't provided enough details, let me know.
Jamie Nordmeyer
Portland, Oregon, USA
http://www.feralcodemonkies.com