I have already posted the question to Microsoft's IE support site at,
forum--> ie9-windows_7 --> automatic-logon-with-current-username-and-password
and I was asked to post the question in this tech form. Below is the question again,
Does anyone know why IE during Single Sign on session(IE8 and IE9) sends a authorization header and no request data during AJAX request even though session is valid?
What happens due to this our backend WCF service doesn't receive request parameters and the entire single sign on session fails, so user has to redo the entire login process.
Chrome and Firefox both doesn't have this problem.
Below is the detail of what I am doing,
1) We are using WCF Service.2) We have enabled AD Login(Single sign on) with IE by adding our site to trusted site
and adding the Security -> Trusted site zone -> Custom leval -> Automatic logon with current username and password
3) We are sending AJAX request via ExtJS to get some backend data for our website.
4) Everything works most of the time
but for some reason sometimes the IE doesn't send request parameter (the content length is 0).
That causes our services to fail because it didn't got the parameters it needed(Actually we validate the para and throw service error).
We are not sure why it happens. I have searched internet and found there are similar complaints at,
pcreview.co.uk (Can't post the url here because this blog doesn't allow Urls)
But no answer exactly whats going on.
The problem happens for both IE8 and IE9.
We haven't tried IE10 and can't because our end users are not going to upgrade to IE10 or later.
The issue doesn't happen for Chrome.
Below are the fiddler logs(raw format) for request and response, (Not sure why authentication header is send while the session already exist).
====================REQUEST DATA ====================
POST OURURL/GetByRuleType HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: en-ca
Referer: OURURL
Accept: application/json
Content-Type: application/json
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: MYMACHINE
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: MCSessionId=m0SeILDBAwPK6niYL0MBiUzq
Authorization: Negotiate YHUGBisGAQUFAqBrMGmgMDAuBgorBgEEAYI3AgIKBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHqI1BDNOVExNU1NQAAEAAACXsgjiBAAEAC8AAAAHAAcAKAAAAAYBsR0AAAAPSEFMSUJVVFNPVEk=
Content-Length: 0
==============RESPONSE DATA ======================================
HTTP/1.1 400 Bad Request (This is we are raising by our validation inside WCF)
Content-Length: 102
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 12 Jul 2013 22:00:06 GMT
{"Data":null,"HelpLink":null,"Message":"Invalid request data.","Ref":"2013-07-12 18:00:06.2718-04:00"}
===================Environment ============================
WCF & .NET 4, Windows 7 Professional Service Pack 1 (Also happens for Windows 2000 and Windows XP Customer uses them)