Konstantin Smolyakov

Reputation: 755

ServiceStack V4 Basic Auth with wrong credentials + CORS

I was trying to enable CORS for a ServiceStack V4 project. My plugin configuration is as follows:

Plugins.Add(new CorsFeature(allowedHeaders: "Content-Type, Authorization"));

I also use HTTP basic auth for authentication:

Plugins.Add(new AuthFeature(() => new AuthUserSession(),
    new IAuthProvider[]
    {
        new BasicAuthProvider(),       // Sign-in with Basic Auth
        new CredentialsAuthProvider(), // HTML Form post of UserName/Password credentials
    }));

EDIT

HTTP Request (I'm sending invalid credentials using basic auth)

GET http://localhost:1337/channel/channel1/history HTTP/1.1 
User-Agent: Fiddler 
Origin: http://google.com 
Host: localhost:1337 
Authorization: Basic dXNlcjE6aW52YWxpZHBhc3M=

HTTP Response (without CORS headers)

HTTP/1.1 401 Unauthorized
Cache-Control: private
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
Set-Cookie: ss-id=5JzRkMjA1eCcFhANnsWL; path=/; HttpOnly
Set-Cookie: ss-pid=UM738YinHoIl9hgQBf9o; expires=Sun, 20-May-2035 07:36:00 GMT; path=/; HttpOnly
X-SourceFiles: =?UTF-8?B?RDpcUHJvamVjdHNcV29ya1xPdmFsYXlcT3ZhbGF5XGNoYW5uZWxcY2hhbm5lbDFcaGlzdG9yeQ==?=
X-Powered-By: ASP.NET
Date: Wed, 20 May 2015 07:36:00 GMT
Content-Length: 1454

{<json body with error message goes here>}

Everything works well until I try to send invalid user credentials from the client. In that case the CORS headers are omitted and the browser cannot access the response message. Am I missing some configuration details?

Upvotes: 0

Views: 128

Answers (1)

Konstantin Smolyakov

Reputation: 755

I was able to work around this issue using the following configuration in AppHost:

UncaughtExceptionHandlers.Add((req, res, name, exception) =>
{
    // This is needed for inclusion of CORS headers in HTTP error responses
    // (for example when invalid user credentials are passed).
    res.ApplyGlobalResponseHeaders();
});

Upvotes: 1
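
The browser-side check behind the symptom in the question, modelled as an added example (not part of the original question or answer): the CORS check ignores the status code, so a 401 without `Access-Control-Allow-Origin` is hidden from page script exactly as a 200 would be. The sample responses are constructed from the question's capture, and the `*` header value and all function names are assumptions.

```javascript
// Constructed sample: the 401 from the question, trimmed to a few headers.
const WITHOUT_CORS = [
  'HTTP/1.1 401 Unauthorized',
  'Content-Type: application/json; charset=utf-8',
  'Server: Microsoft-IIS/8.0',
].join('\r\n');

// Constructed sample: the same 401 once global response headers are applied.
// The header value "*" is an assumption, not taken from the page.
const WITH_CORS = WITHOUT_CORS + '\r\nAccess-Control-Allow-Origin: *';

// Parse a raw status line plus header block into { status, headers }.
function parseResponseHead(raw) {
  const [statusLine, ...lines] = raw.split(/\r?\n/);
  const headers = new Map();
  for (const line of lines) {
    const i = line.indexOf(':');
    if (i > 0) headers.set(line.slice(0, i).trim().toLowerCase(), line.slice(i + 1).trim());
  }
  return { status: Number(statusLine.split(' ')[1]), headers };
}

// Simplified model of the Fetch standard's CORS check. The status code plays
// no part in it: a 401 needs the same headers as a 200 to be readable.
function corsCheck(origin, head, withCredentials = false) {
  const allow = head.headers.get('access-control-allow-origin');
  if (allow === undefined) return { readable: false, reason: 'no Access-Control-Allow-Origin' };
  if (allow === '*' && !withCredentials) return { readable: true, reason: 'wildcard' };
  if (allow !== origin) return { readable: false, reason: 'origin not allowed' };
  if (!withCredentials) return { readable: true, reason: 'origin match' };
  const creds = head.headers.get('access-control-allow-credentials');
  return creds === 'true'
    ? { readable: true, reason: 'origin match with credentials' }
    : { readable: false, reason: 'credentials not allowed' };
}

// Report the status codes of responses that script on `origin` could not read.
function unreadableStatuses(origin, rawResponses) {
  return rawResponses
    .map(parseResponseHead)
    .filter((head) => !corsCheck(origin, head).readable)
    .map((head) => head.status);
}

console.log(unreadableStatuses('http://google.com', [WITHOUT_CORS, WITH_CORS]));
```

Running the same check over captured error responses (401, 403, 500) is a quick way to confirm that every failure path, not just the success path, carries the CORS headers.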
