I’ve been working with WebAPI to implement a simple REST data service over http: as part of prototyping a client-side connection to an external system from SharePoint 2010.
I was able to get the data service running and accessible in Azure very easily due to some excellent tutorials from MSDN, and was able to bind the JSON data from my service to a simple chart from AmCharts that worked well in a test page.
After creating the test page and running it successfully in several browsers, I began moving the fairly simple test page code into a test site on our corporate SharePoint installation. I created a Wiki page and added a Content Editor web that pointed to a text file containing the script code and simple markup for calling the data service and rendering the chart.
After a little debugging, I was able to get the same basic functionality to work in the Chrome and Firefox, but it would not run in Internet Explorer versions 8-10. In monitoring the network output in the Developer Tools, the call to the data service would never happen, and instead the browser would return an “Access Denied” error.
After a lot of unsuccessful searching for troubleshooting information online, and noticing that Chrome was complaining about (but complying with) my request for data from an http: data source originating from my https: page, I decided to try enabling SSL on the REST service to see if it made any difference, and it immediately started working.
So in summary, there were several steps I needed to take to get this configuration to work at all, let alone on IE:
1. Set the propery jQuery.support.cors = true in my client-side code (using jQuery 1.11.0 to support IE8, which is not supported in jQuery 2.x versions)
2. Enable CORS (Cross Origin Resource Sharing) in WebAPI by calling the static method config.EnableCors() in WebApiConfig, and decorating Controller methods with the EnableCors attribute (this is all well-documented here)
3. Set the SSL Enabled property on the REST Service to TRUE
4. Change the URL property in my client code to use the https: version of the REST method
5. Make sure that the “Access data sources across domains” property was enabled in IE’s security settings
Filed under: C#, Troubleshooting Tagged: data service, Internet Explorer, jQuery, JSON, Mixed Security, SharePoint 2010
