CODEWITHSUNDEEP
.netcors
sharad jain
sharad jain

Reputation: 153

Cors Issue in Web api with Windows Authentication

I am trying to enable CORS support in a Web API application. In my WebApiConfig.cs file, I have the following code:

var cors = new EnableCorsAttribute(origins: "http://localhost:19509",
                                               headers: "*",
                                               methods: "*");
config.EnableCors(cors);

However, this didn't work. I've tried every suggestion from the following links, but they don't work either:

I created an empty project with no authorization/authentication/security implementation and tried hitting this empty project from my front end, and that worked. Based on this, I believe that the front end implementation is fine.

Is there a specific package which might be causing this issue, or anything else I need to change?

It runs when i try with a cors disabled Chrome browser.

//Updating the Question after implementing CORS in StartUp.cs file.

I tried applying cors in StartUp.cs file also but No luck. Below is my code in StartUp.cs file.

using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Abstractions;
using Microsoft.Owin;
using Owin;
using System.Web.Services;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.AspNetCore.Cors;

namespace xyz
{
    public partial class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            ConfigureAuth(app);
        }
    }
}

Upvotes: 1

Views: 1612

Answers (2)

sharad jain
sharad jain

Reputation: 153

So finally i am posting the steps which i did to resolve the issue and run my solution with Windows Authentication:

1)Install IIS Cors module.

2)IIS Settings in my case were to keep only Windows Authentication enabled and disable the anonymous authentication .

3)Add below Tags in Your API's Web.config.

<system.webServer>
      <cors enabled="true">
          <add origin="<<>Your Origin>" allowed="true" />
      </cors>
      <httpProtocol>
          <customHeaders>
              <add name="Access-Control-Allow-Headers" value="Content-Type" />
              <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
              <add name="Access-Control-Allow-Credentials" value="true" />
          </customHeaders>
      </httpProtocol>

4)If in case you get 401 Error now that means , You need to setup authorization also, A simple solution would be to add credentials with the request.

Upvotes: 0

johnny 5
johnny 5

Reputation: 21033

  1. You should probably whitelist https://.

  2. You should probably configure cors from from the Startup.

  3. You may need to configure cors to AllowCredentials

    options.AddPolicy("Default", builder =>
{
   builder.WithOrigins("http://localhost:19509")
        .WithOrigins("https://localhost:19509")
        .AllowCredentials()
        .AllowAnyHeader()
        .AllowAnyMethod();
});

Then you need to add the cors policy to the app so it's applied to each request

public void Configure(IApplicationBuilder app)
{
    app.UseCors("Default");
}

On a side note during development phase, you can open up the cors policy and slowly start restricting it as you learn.

EDIT

"It runs when I try with a cors disabled Chrome browser."

The browser is the one to enforce cors. If it only runs when cors is disabled, it means the cors headers are being added properly from the server.

It sounds like your issue is the client. It sounds like either you're trying to make a call from the client, with a domain different than localhost:19509, OR at some point during the login process you're using Https which you haven't configured in your updated example.

Upvotes: 1

Related Questions