Asp.net core web api using windows authentication - Cors request unauthorised

asp.net core web api windows authentication
web api 401 unauthorized windows authentication
angular windows authentication .net core
contains cors metadata, but a middleware was not found that supports cors
setisoriginallowed
asp.net core no 'access-control-allow-origin' header is present on the requested resource.
asp.net core cors
enable cors web api in angular 6

In my asp.net core web api, I've configured Cors as per the article from MS documentation. The web api app is using windows authentication (Anonymous Authentication is Not enabled). Cor's policy is created and middle ware is added as below in the startup.cs

public void ConfigureServices(IServiceCollection services)
{
    services.AddCors(options =>
    {
        options.AddPolicy("CorsPolicy",
            builder => builder.WithOrigins("http://localhost:4200")
                .AllowAnyMethod()
                .AllowAnyHeader()
                .AllowCredentials()
            );
    });

    services.AddMvc().AddJsonOptions(options => {
        options.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore;
    });
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{         
    //Enable CORS policy 
    app.UseCors("CorsPolicy");
    app.UseMvc();
}

Also applied the policy per controller level

[EnableCors("CorsPolicy"), Route("api/[controller]")]
public class LocationController : BaseController<Location>
{
  //code
}

Options request is getting Unauthorized. The request & response looks like

I have seen similar questions and tried almost every solution but the options request is still failing.


You may want to read this thread: https://github.com/aspnet/CORS/issues/60. You can mix anonymous and NTLM so that your CORS preflights aren't denied (since they don't include windows credentials). IIS handles NTLM authentication before it even gets to the middleware so this is probably an IIS thing. You may need to allow anonymous CORs preflight checks.

ASP.NET Core and CORS Gotchas, launchSettings.json: I set Anonymous and Windows Authentication to and OPTIONS request was not carrying any Authentication with them. Asp.net core web api using windows authentication - Cors request unauthorised. In my asp.net core web api, I've configured Cors as per the article from MS documentation. The web api app is using windows authentication (Anonymous Authentication is Not enabled). Options request is getting Unauthorized.


This is very similar to CORS enabled but response for preflight has invalid HTTP status code 404 when POSTing JSON and provided solution working for me(I had 401 error on POST requests). Also NTLM and Negotiate should not be configured both(Negotiate V/s NTLM).

[Solved] CORS issue when angular and web API(.NET core) is used , We learn about how to use inbuilt Windows authentication in Web API https://​docs.microsoft.com/en-us/aspnet/web-api/overview/security/ -origin-requests-in​-web-api; https://enable-cors.org/server_aspnet. a valid credential otherwise it will display 401 Unauthorized access. NET Core 2.0 Web API. Angular4 ASP.NET Core 1.2 Windows Authentication CORS for PUT and POST Gives 401 Angular 6 Asp.Net (not Core) Web Api CORS request fails .NET Core WEB Api


It looks like you want pass credential or along with request.

Please Check this link for add credential / allow user credential.

Be careful when allowing cross-origin credentials. A website at another domain can send a logged-in user's credentials to the app on the user's behalf without the user's knowledge. The CORS specification also states that setting origins to "*" (all origins) is invalid if the Access-Control-Allow-Credentials header is present.

Enable Windows Authentication In Web API And Angular App, Request: Request URL:http://localhost:2116/releases Request Method:OPTIONS Status Code:401 Unauthorized Remote Address:[::1]:2116 Respon I am working on a web api with Windows authentication and cross-domain According to dotnet/aspnetcore#1232 and dotnet/extensions#85, more  CORS preflight OPTIONS request returns 401 (Unauthorized) from Windows Authenticated web api Web API project using Windows Authentication. asp.net-web-api


Using IIS CORS Module solved the problem superbly. Below URL is for reference.

Working with Windows Authentication While this is by no means the only scenario solved by the CORS module, it was important enough to warrant calling out. Previously, if you tried to make a cross-domain request to an application that used Windows Authentication, your preflight request would fail since the browser did not send credentials with the preflight request. There was no way to work around this without enabling anonymous authentication in your application. Since the CORS module kicks in before authentication, it makes it possible to handle a pre-flight request without compromising on the security model of your application. Here's an example of what your web.config might look like.

https://blogs.iis.net/iisteam/getting-started-with-the-iis-cors-module

Sample Code:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <!-- To customize the asp.net core module uncomment and edit the following section. 
         For more info see https://go.microsoft.com/fwlink/?linkid=838655 -->
         <system.web>
        <authentication mode="Windows"/>
    </system.web>
  <system.webServer>
  <cors enabled="true" failUnlistedOrigins="true">
            <add origin="http://localhost:60096" allowCredentials="true" >
            <allowHeaders allowAllRequestedHeaders="true">
                    <add header="Header1" />
                </allowHeaders>
            </add>
        </cors>
    <handlers>
      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
    </handlers>
    <aspNetCore processPath="dotnet" arguments=".\Project.Api.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" />
  </system.webServer>
</configuration>

Cors requires authorization on preflight · Issue #60 · aspnet/CORS , I am using Asp.net core with windows authentication in web API and angular. I have created two http://10.11.22.215:5200/api/user 401 (Unauthorized) <<--- For Post services) { // Enable Cross-Origin Request services. you have not added cors to the middleware pipeline. you need to add app. IIS uses the ASP.NET Core Module to host ASP.NET Core apps. Windows Authentication is configured for IIS via the web.config file. The following sections show how to: Provide a local web.config file that activates Windows Authentication on the server when the app is deployed.


Post and Delete Methods 401 Unauthorized., Net Core API in order to have windows authentication. PUT request) I have this error : 401 - Unauthorized: Access is denied due to invali Active Threads · Unanswered Threads · Unresolved Threads · Support Options · Advanced Search Moreover, My angular application and my web api are on IIS. As the purpose of this application is to use inside office only, so it's suggested to use Windows Authentication mode. Prerequisite. To access any web API from Angular or any Ajax method Web API must be CORS (Cross Origin Resource Sharing) enabled otherwise the request is not executed. You can achieve this by referring to the below links.


How can I resolve 401 - Unauthorized: Access is , NET Core (Web) API; A Windows application server (ideally OS 2016) We will have to use this to handle the HTTP preflight requests, which we will To fix this, in the Windows Features dialog, make sure that the features ASP. As for CORS​, you will run into them eventually on your browser's console,  I have two separate project, one is WebAPI developed in .net Core 2.2 with Windows Authentication and other is Angular. I am stuck in CORS issue. I was able to handle GET request by using withCredentials: true in GET method option as mentioned below, where httpClient is from import { HttpClient } from '@angular/common/http':


Windows Authentication with .NET Core API and Angular on IIS, NET Core for the backend since we are a Windows shop and want to use I feel like I have the most minimal Web API setup and CORS just will not work. like the Windows authentication bit may play into this, so here are my web.config and request (according to the CORS spec), but fails with a 401 unauthorized error. When we are debugging and testing Windows Authentication based ASP.NET Core application in development environment, it is very straightforward. We can just use Windows Authentication based template to create the application without any code change. The launchSettings.json contains the following section to enable windows authentication and disable anonymous authentication. "iisSettings