Office App Ajax with auth header, connecting to secured web api 2 backend with cors enabled

Question

I'm building a content panel app for Office.

Part of that requires authenticating an account against a server. I've implemented my own AuthorizationFilterAttribute on my web api 2 controllers, and called config.EnableCors(new EnableCorsAttribute("*", "*", "*")); on my web api registration.

I built a test script that fires a simple get at an endpoint and I can get it to work in chrome and ie.

var token = btoa(username + ':' + password);

$.ajax({
    url: 'http://www.someendpoint/',
    type: 'GET',
    beforeSend: function (request) {
        request.setRequestHeader("Authorization", "Basic " + token);
    },
    success: function (data) {
        return true;
    },
    error: function (data) {
        return false;
    }
});

Problem is that it doesn't work in the app.

The error: function is being hit and the data contains "Error: Access is denied.\r\n"

I've attempted to use $.support.cors = true; in addition to ensuring the domain name is given permission in the App Manifest.

Anyone have any ideas on what else to try?

Answer 1

So it turns out that in the project properties, office apps enforce SSL by default, which is great to be honest, but not ideal when testing against a non SSL domain.

The answer to this is to adjust the project settings as shown below.