CODEWITHSUNDEEP
corsservicestack
Mher Arsh
Mher Arsh

Reputation: 597

ServiceStack JsonServiceClient (TypeScript): Do not go to the requests after authentication from CORS

I configured the service as mentioned above: 

Plugins.Add(new CorsFeature(
      allowCredentials: true,
      allowedMethods: "GET, POST, PUT, DELETE, OPTIONS",
      allowedHeaders: "Content-Type, Allow, Authorization, Origin",
      allowOriginWhitelist: new[]
             {
                    "http://localhost:4200",
                    "http://localhost:63342",
                    "http://localhost:63342",
                    "http://localhost:3000",
                    "http://my.site.com"
             }));

and I have 2 functions Login() and GetContacts()

class AppComponent {
***
      constructor(){
        this.client = new JsonServiceClient("http://my.site.com");
      }

      async Login(){

        var auth = new wbs.Authenticate();
        auth.UserName = this.username;
        auth.Password = this.password;

        var authResponse = await this.client.post(auth);

        console.log(authResponse);
      }

      async GetContacts(){
        try {
          this.contacts = await this.client.post(new wbs.Contacts_Get());
          console.log(this.contacts);
        } catch(e) {
          this.contacts = [];
          console.log("Failed to get:", e.responseStatus);
        }
      }
}

"servicestack-client": "0.0.36",

I call these functions in turn:

1. Login()
2. ContactsGet()

if I run locally on IIS express works, but when I deploy to IIS server it's not working. The login runs fine, but in Internet explorere and Safari ContactsGet fails, it returns status 401, but works in Chrome.

Help please in what my error? Thanks!

enter image description here

enter image description here

enter image description here

IIS settings

enter image description here

UPDATE

var authFeature = new AuthFeature(
        () => new MyUserSession(),
        new[] { new MyCredentialsAuthProvider()
});

public class MyCredentialsAuthProvider : CredentialsAuthProvider {
        private Userslogic users => Userslogic.Instance;

        public override bool TryAuthenticate(IServiceBase authService, string userName, string password) {

            if (!users.CheckUserNameAndPassword(userName, password))
                return false;

            var session = authService.GetSession(false);

            session.IsAuthenticated = true;

            return true;
        }
    }

AuthRequet:

enter image description here

ContactsGetRequest: enter image description here

Upvotes: 1

Views: 286

Answers (2)

Mher Arsh
Mher Arsh

Reputation: 597

In the research of the issue revealed that the problem is on the client and not the server ServiceStack, such restrictions have browsers IE and Safari.

  1. IE - https://stackoverflow.com/a/22450633/7015077
  2. Safari - https://stackoverflow.com/a/486569/7015077

Upvotes: 0

mythz
mythz

Reputation: 143389

Your issue is because the client does not send Cookies with the request and it's not sending them because your CORS configuration is invalid, the allowOriginWhitelist URLs need to match exactly with the hostname that the request is sent to, in this case is http://109.120.152.165.

Whenever subsequent requests in a HTTP Client do not honor the Set-Cookie Response Headers of the previous request your CORS configuration is invalid and you need to investigate why that is.

Upvotes: 1

Related Questions