CORS issue with ASP.NET web API 2 and angular local host

Question

0.00/5 (No votes)

See more:

, +

i am getting the CORS issue while accessing the deployed ASP.Net Web API 2 while running the angular app locallly.

the same API is working with postman.

Error:

Access to XMLHttpRequest at 'https://someserver.com/someservice/api/like/Getlikedetails' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

What I have tried:

i have already enabled the all cors policy in api.

in WebApiConfig.cs file

config.EnableCors(new EnableCorsAttribute("*", headers: "*", methods: "*"));
            config.MapHttpAttributeRoutes();

Posted 5-Nov-20 2:49am

Virendra S from Bangalore, Karnataka

Updated 5-Nov-20 4:21am

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard Deeming · Answer 1 · 2020-11-05T04:22:00

Solution 1

Either you haven't deployed the CORS-enabled version to the server, or the API you've updated isn't the API you're calling.

Use your browser's developer tools to inspect the network request, and look at the response headers to check the Access-Control-Allow-Origin header.

Cross-Origin Resource Sharing (CORS) - HTTP | MDN[^]

NB: The request works from Postman because it's not running within a browser, and is not subject to the cross-site request limits imposed on web applications.

Posted 5-Nov-20 4:22am

Richard Deeming

Comments

Virendra S from Bangalore, Karnataka 16-Dec-20 11:52am

only the token api is getting cors issue, other endpoints are working fine.

[HttpPost]
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{ //Do some claims stuff}

Richard Deeming 16-Dec-20 11:55am

Then your token API is not returning the correct CORS headers.

This isn't rocket science. If a request is blocked because it's not returning the correct CORS headers, then it's not returning the correct CORS headers.

And take another look at your question. Where precisely have you mentioned the "token API" and the "other endpoints"?

Virendra S from Bangalore, Karnataka 16-Dec-20 11:53am

protected void Application_BeginRequest(object sender,EventArgs e)
{
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");
HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache);
if(HttpContext.Current.Request.HttpMethod=="OPTIONS")
{
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "*");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "*");
HttpContext.Current.Response.End();
}
}

this is my global.axax.cs file method

Richard Deeming 16-Dec-20 11:56am

That's nothing like the code you posted in your question.