user2994197

Reputation: 31

Ionic/Cordova authentication with ACS

Background: We have a WebAPI set up with Azure ACS and ADFS for authentication.

Accessing any WebAPI resource through the browser will redirect unauthenticated users to the ADFS login page through ACS. After successful login, the user will be redirected to the return URL as set up in ACS, along with the security token. This works perfectly fine.

Problem: We are developing a mobile application using the Ionic framework (http://ionicframework.com/). We want to leverage the same ACS and ADFS for authentication which we are using for WebAPI. In this process we are facing the following issues:

Issue 1: Accessing any WebAPI resource through a mobile application (Ionic, Cordova, AngularJS) redirects the user to ACS and we get the error below.

XMLHttpRequest cannot load https://{domainname}.accesscontrol.windows.net/v2/wsfederation?wa=ws…52fitem&wct=2014-10-10T14%3a24%3a34Z&whr=https%3a%2f%2f{domainname}.com. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. 

Hence we are not able to authenticate any user through ACS with the mobile app.

Issue 2: Setting Return URL as empty in ACS throws the below error.

ACS90050: No reply address is configured with the relying party principal. 

Steps taken so far: We have enabled CORS on WebAPI.

Upvotes: 0

Views: 577

Answers (1)

user2994197

Reputation: 31

We filed a ticket with Microsoft to see if CORS can be enabled at ACS. We got the reply below.

ACS does not provide a CORS solution; we did research the possibilities. Unfortunately the answer is still: “No, ACS does not provide a CORS solution”. That is, ACS does not give us access to the root for a standard cross-domain solution. Further, providing the token is considered HTTPOnly as manipulating the token with JavaScript is inherently dangerous.

There is a sample available that may provide guidance if you wish to pursue this path although it is not recommended because of the security aspect. Download the samples found at:

Windows Azure AD Access Control (ACS) Code Samples: https://code.msdn.microsoft.com/Windows-Azure-AD-Access-0dcde385

The sample under: C#\Webservice\ACS2WindowsPhoneSample may provide some guidance but we would not be able to assist with modifying the sample.

Upvotes: 0
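An added example (not part of the original posts or of Microsoft's samples) modelling why Issue 1 persists after CORS is enabled on the WebAPI: the browser applies the CORS check to every response in the redirect chain, and the ACS sign-in response carries no Access-Control-Allow-Origin header. The hosts, header values and function names are constructed for illustration, and the check is a simplified model of browser behaviour.

```javascript
// Simplified model of the CORS check a browser applies to each response of a
// cross-origin XMLHttpRequest, including every hop of a redirect chain.

// Returns null when the response passes, otherwise the reason it is blocked.
function corsCheck(origin, withCredentials, headers) {
  const allow = headers['access-control-allow-origin'];
  if (allow === undefined) return 'no Access-Control-Allow-Origin header';
  // The wildcard is only honoured for requests sent without credentials.
  if (!withCredentials && allow === '*') return null;
  if (allow !== origin) return `allowed origin "${allow}" does not match "${origin}"`;
  if (withCredentials && headers['access-control-allow-credentials'] !== 'true') {
    return 'Access-Control-Allow-Credentials is not "true"';
  }
  return null;
}

// Walk the chain in order; the first failing response blocks the whole request.
function followChain(origin, withCredentials, chain) {
  for (const hop of chain) {
    const reason = corsCheck(origin, withCredentials, hop.headers);
    if (reason) return { allowed: false, blockedAt: hop.url, reason };
    if (hop.status < 300 || hop.status >= 400) break; // final, non-redirect response
  }
  return { allowed: true, blockedAt: null, reason: null };
}

// Constructed sample chain. Assumption: the WebAPI (CORS enabled) answers the
// unauthenticated call with a redirect that does carry a CORS header.
const webApiRedirect = {
  url: 'https://api.example.test/api/item',
  status: 302,
  headers: { 'access-control-allow-origin': '*' },
};
// The sign-in endpoint returns its login page with no CORS headers at all.
const acsSignIn = {
  url: 'https://sts.example.test/v2/wsfederation',
  status: 200,
  headers: {},
};

// A Cordova page loaded from file:// sends the serialized origin "null".
function demo() {
  return followChain('null', false, [webApiRedirect, acsSignIn]);
}

console.log(demo());
```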
