What is wrong here so that IE9 can do CORS Ajax call but IE8 and FireFox can not?

问题

I make a POST request to my WCF Service sitting on a different domain by jQuery. It works for IE9 as expected:

i) I make a request, ii) the Log-In dialog-box pop-ups, iii) I log in and the service is called.

But with IE8 and FireFox, no LogIn dialog box appears and the request fails.

Question: Why it makes the CORS based ajax POST call on IE9 without any problem while it does not on IE8 and Fire-Fox?

Please see additional details below:

• I have one WCF RESTful Service which is sitting on a site that is on an IIS 7.5
• Authentication on IIS is set as BASIC AUTHENTICATION Enabled.
• The WCF service security mode is set in web.config as:

"

<security mode="TransportCredentialOnly">
  <transport clientCredentialType="Basic" proxyCredentialType="None" realm="" />
</security>

"

• And also my web.config has:

   <httpProtocol>
 <customHeaders>
  <add name="Access-Control-Allow-Origin" value="*" />
      <add name="Access-Control-Allow-Methods" value="POST, GET, PUT, DELETE, OPTIONS" />

     <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
 </customHeaders>

• How make the call from the JavaScript is:

$.support.cors = true; // I make CORS enabled

request = {
                                Foo: "Alice",
                                Bar : "Sharma",
                            };

            $.ajax(
                        {
                            type: 'POST',
                            url: "foo.bar.co/myService",
                            contentType: 'application/json',
                            data: JSON.stringify(request),
                     success: function (result) {
                                alert("Submitted succesfully!");
                            },
                            error: function (jqXHR, textStatus, errorThrown) {

                                alert('Error Occured' + errorThrown);
                            }
                        }               //eof ajax object
                    );  //eof .ajax

How IE9 Behaves (as Fiddler2 says):

1. IE9 makes a request with below Request Headers (partly shown)

• Referer: clientInDifferentDomain.domain.co
• Host: foo.bar.co
• Accept: * / *

2. and server responds back HTTP 401 (As expected) by reflecting the Origin:

• WWW-Authenticate: Basic realm="foo.bar.co" [under Cookies/ Login]
• Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
• Access-Control-Allow-Methods: POST, GET, PUT, DELETE, OPTIONS
• Access-Control-Allow-Origin: *

3. IE9 pops-up a Log-In windows; I enter my credentials and I am able to make a ajax POST Request to WCF Service that sits in the different domain! GREAT!

How Fire-Fox Behaves (as Fiddler2 says):

1. FireFox makes a request

• Origin: clientInDifferentDomain.domain.co
• Host: foo.bar.co
• Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8

2. and server responds back HTTP 401 (As expected) by :

• WWW-Authenticate: Basic realm="foo.bar.co" [under Cookies/ Login]
• Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
• Access-Control-Allow-Methods: POST, GET, PUT, DELETE, OPTIONS
• Access-Control-Allow-Origin: *

来源：https://stackoverflow.com/questions/14855427/what-is-wrong-here-so-that-ie9-can-do-cors-ajax-call-but-ie8-and-firefox-can-not