This project has moved and is read-only. For the latest updates, please go here.

OWIN and webservices

Sep 30, 2014 at 1:41 PM
Edited Sep 30, 2014 at 1:48 PM
I have developed a website using the OWIN external authentication running on IIS. This site is a conversion from using FORMs authentication. Everything with the authentication works with the exception of some page level WebServices - webservices defined on the aspx pages - being called from javascript/jquery.

Here is a sample of the WebService:
    public static bool SaveCustTerms(string custNum, string last4SSN)
        bool val = false;

            //Do some code..

        return val;
Here is an example of javascript that would call this webservice. This call happens after the user is authenticated:
function () {
        if ($('#tbSSNTerms').val() != "") {
                type: 'POST',
                url: 'AccountSummary.aspx/SaveCustTerms',
                data: '{"custNum":"' + $('input[name*="hidCustNum"]').val() + '", "last4SSN":"' + $('#tbSSNTerms').val() + '"}',
                dataType: 'json',
                contentType: 'application/json; charset=utf-8',
                success: function (result) {
                    var obj = eval("(function(){return " + result.d + ";})()"); 
                error: function (errMsg) {
                async: false

        else {

            alert('Please enter the last four digits of your Social Security.');

When I view the results of this call in fiddler I see the following header returned with a status 200:

X-Responded-JSON: {"status":401,"headers":{"location":"http:\/\/\/OnlinePayments\/loginlive?ReturnUrl=%2FOnlinePayments%2FSecure%2FAccountSummary.aspx%2FSaveCustTerms"}}

It appears that OWIN is throwing back the request as unauthenticated. My question is, can javascript pass the necessary cookies needed to authenticated the request? These requested are all within the same session.