I have a WCF service protected with basic authentication. It is being called from an MS Dynamics CRM JavaScript web resource using a jQuery ajax call, as follows:
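    $.ajax({
        async: false,
        type: "POST",
        // BasicAuth is not defined in this snippet; it is set elsewhere in the web resource
        beforeSend: function (req) {
            // Adds the Basic credentials to every request sent from the browser
            req.setRequestHeader('Authorization', 'Basic ' + btoa(BasicAuth));
        },
        contentType: "application/json; charset=utf-8",
        url: serviceUrl + "/GetData"
        // remaining options are not shown in the original post
    });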
When I call the service, the Authorization header is visible in the browser's developer tools window.
This leads to a vulnerability, as any attacker can use this information.
Can someone please advise how this can be corrected?
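
An added example, not part of the original post: anything a web resource sends from the browser is visible to the user, so one way to keep the service credentials out of developer tools is to have the browser call a server-side relay that attaches the Basic header itself. The relay functions, the environment variable names and the allow-list below are hypothetical.

```javascript
// Server-side relay logic (runs on a server, e.g. Node 18+, never in the browser).
// Only the relay knows the WCF service account; the web resource calls the relay.

// Operations the relay will forward; anything else is refused so the relay
// cannot be used to reach arbitrary endpoints on the service.
const ALLOWED_OPERATIONS = new Set(["GetData"]);

// Build the upstream request. Credentials come from server-side configuration
// (environment variables here; the names are assumptions), never from the caller.
function buildUpstreamRequest(operation, body, env) {
  if (!ALLOWED_OPERATIONS.has(operation)) {
    throw new Error("operation not allowed: " + operation);
  }
  if (!env.WCF_USER || !env.WCF_PASSWORD || !env.WCF_BASE_URL) {
    throw new Error("relay is missing service configuration");
  }
  const token = Buffer.from(env.WCF_USER + ":" + env.WCF_PASSWORD, "utf8")
    .toString("base64");
  // Start from a clean header set: nothing the browser sent (Authorization,
  // Cookie, ...) is copied into the upstream call.
  const headers = {
    "Content-Type": "application/json; charset=utf-8",
    "Authorization": "Basic " + token,
  };
  return {
    url: env.WCF_BASE_URL.replace(/\/+$/, "") + "/" + operation,
    init: { method: "POST", headers, body: JSON.stringify(body ?? {}) },
  };
}

// Forward one call and hand back only status and body, so no upstream header
// (for example WWW-Authenticate) travels back to the browser.
async function relay(operation, body, env = process.env, fetchImpl = fetch) {
  const { url, init } = buildUpstreamRequest(operation, body, env);
  const res = await fetchImpl(url, init);
  return { status: res.status, body: await res.text() };
}
```

The relay must authenticate the calling user itself before forwarding, otherwise it only moves the exposure from the credentials to an open endpoint.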