CODEWITHSUNDEEP
asp.netcorsazure-ad-b2c
Memo
Memo

Reputation: 213

CORS problem with B2C and Azure App Service

I have enabled CORS in my ASP.NET/Angular application by using AddCors and EnableCors in controllers. My application is communicating with AD B2C pages. After build I have this error in the console :

Access to XMLHttpRequest at 'https://XXX.b2clogin.com/ (redirected from 'https://XXX.azurewebsites.net/User/Info') from origin 'https://XXX.azurewebsites.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Startup.cs : 

            services.AddCors(options =>
        {
            options.AddPolicy("CorsPolicy",
                builder => builder.AllowAnyOrigin()
                .AllowAnyMethod()
                .AllowAnyHeader()
                .AllowCredentials());
        });

Controller : 

[EnableCors("CorsPolicy")]
[Authorize]
public class UserEditController : Controller

I have enabled CORS on Azure too by putting : Allowed Origins - * .

UPDATE:

[Route("User/Info")]
[HttpGet]
public async Task<IActionResult> LoggedInUserInfo()
{
    if (User.Identity.IsAuthenticated)
    {
        var user = ((ClaimsIdentity)User.Identity).FindFirst(ClaimTypes.NameIdentifier).Value;
        var viewmodel = await userService.GetUserByObjectId(user);
        return Json(new { loggedIn = "true", user = viewmodel });
    }
    return Json(new { loggedIn = "false" });
}

Upvotes: 4

Views: 1235

Answers (1)

Chris Padgett
Chris Padgett

Reputation: 14704

It appears that you're attempting a cross-origin request from the https://xxx.azurewebsites.net/ domain to the https://xxx.b2clogin.com/ domain.

Currently the .b2clogin.com domain doesn't allow any cross-origin requests from any other domain.

Upvotes: 3

Related Questions