I've created a Web API using ASP.NET Core 2.0 wherein I've implemented code for enabling CORS as given below:

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddCors(options =>
        {
            // Named policy: GET and POST from any origin, with any request header.
            options.AddPolicy("AllowFromAll",
                builder => builder
                    .WithMethods("GET", "POST")
                    .AllowAnyOrigin()
                    .AllowAnyHeader());
        });

        services.AddMvc();
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        // Apply the CORS policy before MVC handles the request.
        app.UseCors("AllowFromAll");
        app.UseMvc();
    }
}


When I verify the response by calling it through Fiddler, I get an HTTP 401 Unauthorized error.

I'm not sure if I missed some implementation to enable CORS.

Any suggestions please?

Updated 14-Apr-18 5:28am
Comments
ramsai1973 24-Feb-18 3:18am    
HTTP/1.1 401 Unauthorized
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Sat, 24 Feb 2018 05:42:50 GMT
Content-Length: 5989
Proxy-Support: Session-Based-Authentication

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<title>IIS 10.0 Detailed Error - 401.2 - Unauthorized

HTTP Error 401.2 - Unauthorized


You are not authorized to view this page due to invalid authentication headers.




Most likely causes:


No authentication protocol (including anonymous) is selected in IIS. Only integrated authentication is enabled, and a client browser was used that does not support integrated authentication. Integrated authentication is enabled and the request was sent through a proxy that changed the authentication headers before they reach the Web server. The Web server is not configured for anonymous access and a required authorization header was not received. The "configuration/system.webServer/authorization" configuration section may be explicitly denying the user access.



Things you can try:


Verify the authentication setting for the resource and then try requesting the resource using that authentication method. Verify that the client browser supports Integrated authentication. Verify that the request is not going through a proxy when Integrated authentication is used. Verify that the user is not explicitly denied access in the "configuration/system.webServer/authorization" configuration section. Create a tracing rule to track failed requests for this HTTP status code. For more inf
Richard Deeming 26-Feb-18 11:55am    
"You are not authorized to view this page due to invalid authentication headers."

That doesn't seem to be anything to do with your CORS headers. It looks like your site is configured to deny anonymous access, and you're making an anonymous request.

"No authentication protocol (including anonymous) is selected in IIS. Only integrated authentication is enabled, and a client browser was used that does not support integrated authentication."
RickZeeland 24-Feb-18 3:42am    
And when you try with your firewall off ?
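
The reading of the response that the comments above arrive at can be done mechanically. The following is an added example, not code from the thread: it parses a raw response and reports whether a 401 is a server authentication challenge, which is unrelated to any CORS policy. The function names and the embedded sample (headers copied from the response quoted above) are constructed for illustration.

```python
"""Classify an HTTP response: authentication challenge vs. CORS headers."""

# Constructed sample: status line and headers as in the response quoted in the thread.
SAMPLE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Server: Microsoft-IIS/10.0\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    "WWW-Authenticate: NTLM\r\n"
    "\r\n"
    "<title>IIS 10.0 Detailed Error - 401.2 - Unauthorized"
)


def parse_response(raw):
    """Return (status_code, {lowercased header name: [values]})."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # repeated headers (two WWW-Authenticate lines) are all kept
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def triage_401(raw):
    """Summarise what a response says about authentication and CORS."""
    status, headers = parse_response(raw)
    # Scheme name is the first token of each WWW-Authenticate value.
    schemes = [v.split()[0] for v in headers.get("www-authenticate", []) if v]
    cors = sorted(k for k in headers if k.startswith("access-control-"))
    if status == 401 and schemes:
        verdict = "auth-challenge"  # server demands credentials; not a CORS result
    elif status == 401:
        verdict = "unauthorized-no-challenge"
    elif cors:
        verdict = "cors-headers-present"
    else:
        verdict = "no-cors-headers"  # check that the request carried an Origin header
    return {"status": status, "verdict": verdict,
            "schemes": schemes, "cors_headers": cors}


if __name__ == "__main__":
    print(triage_401(SAMPLE))
```
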

1 solution

Hi friend, refer to this URL and I am sure you can find your answer; if not, just let me know and I will fix it: Enabling Cross-Origin Requests in ASP.NET Web API 2 | Microsoft Docs

Step 1-
using System.Web.Http;
namespace WebService
{
    public static class WebApiConfig
    {
        public static void Register(HttpConfiguration config)
        {
            // New code
            config.EnableCors();

            config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional }
            );
        }
    }
}

Step 2-
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Cors;

namespace WebService.Controllers
{
    [EnableCors(origins: "yourclientApplicationRootURL", headers: "*", methods: "*")]
    public class TestController : ApiController
    {
        // Controller methods not shown...
    }
}
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


