Reputation: 1028
ASP.NET 5 beta8 CORS with Authorize attribute is not working
In beta7, CORS was able to set like this:
// in the ConfigurationServices
services.AddMvc();
services.ConfigureCors(options =>
{
// set cors settings...
});
//...
// in the Startup.Configure method
app.UseCors();
app.UseMvc();
It worked like a charm, but beta8 breaks it. I found this SO questions: Why Cors doesn't work after update to beta8 on ASP.NET 5?, and fixed like this:
// in Startup.ConfigureServices method
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy", builder =>
{
// allow them all
builder.AllowAnyHeader();
builder.AllowAnyMethod();
builder.AllowAnyOrigin();
builder.AllowCredentials();
});
});
services.AddMvc();
//...
// in the Startup.Configure method
app.UseMvc();
//...
// in the Controller
[EnableCors("CorsPolicy")]
public IActionResult Get()
{
return OK();
}
Yes it works again, but when I add [Authorize("Bearer")], the controller returns 401 Unauthorized for OPTIONS request via ajax call. Here's HTTP request and response.
[Request]
OPTIONS https://api.mywebsite.net/ HTTP/1.1
Accept: */*
Origin: https://myanotherwebsite.net
Access-Control-Request-Method: GET
Access-Control-Request-Headers: accept, authorization
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
Host: api.mywebsite.net
Connection: Keep-Alive
Cache-Control: no-cache
[Response]
HTTP/1.1 401 Unauthorized
Content-Length: 0
Server: Microsoft-IIS/8.0
WWW-Authenticate: Bearer
X-Powered-By: ASP.NET
Set-Cookie: ARRAffinity=...;Path=/;Domain=api.mywebsite.net
Date: Fri, 23 Oct 2015 09:56:34 GMT
How can I enable CORS with [Authorization] attribute in ASP.NET 5 beta8?
Edit
I was able to reproduce this problem with a default ASP.NET MV C6 Template (beta 8).
When I decorate a controller or method with both [EnableCors] and [Authorize], it returns 401 Unauthorized(or 302 redirect to the login page).
Edit2 It turns out, this was a silly mistake by me. I answered myself what was the problem.
Upvotes: 4
Views: 1603
Answers (1)
Reputation: 1028
Okay, this was my silly mistake. I was confused between Microsoft.AspNet.Mvc.Cors and Microsoft.AspNet.Cors.
The previous one is about OWIN Middleware, and the other one is about Mvc filter. I didn't add Microsoft.AspNet.Cors in the Project.json, neither add app.UseCors() in the Configures().
Both AddCors() in the ConfigureServices() and UseCors() in the Configure() are required in order to work together.
This could be the basic setting for CORS.
(in the Project.json)
"dependencies": {
...
"Microsoft.AspNet.Cors": "6.0.0-beta8",
"Microsoft.AspNet.Mvc.Cors": "6.0.0-beta8",
...
}
(in the Startup.cs)
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy", builder =>
{
// ...build cors options...
});
});
services.AddMvc();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseIISPlatformHandler();
app.UseStaticFiles();
app.UseCors("CorsPolicy");
app.UseMvc();
}
or, this:
public void ConfigureServices(IServiceCollection services)
{
services.AddCors();
services.AddMvc();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseIISPlatformHandler();
app.UseStaticFiles();
app.UseCors(builder =>
{
// ...default cors options...
});
app.UseMvc();
}
Hope no one make silly mistake like me.
Upvotes: 2
Related Questions
- Why do I get a CORS error in my ASP.NET Core 5 WebAPI code?
- Cors policy error when using Authorize Attribute
- How to enable CORS in ASP.NET Core
- ASP.NET Core API Enabling Cors not working
- Can't get CORS working for ASP.NET Core Web API
- ASP.NET Core 2 : Ajax calls to API with [Authorize] fail the preflight request
- Enable CORS on my Web API not working
- Application using CORS does not work in Azure
- CORS not working with ASP NET 5 Web Api
- ASP.NET 5 beta7 CORS not working