4

I have a project that has both an API and an Area that contains some web forms.
Recently the Token endpoint of the API started throwing CORS errors and I can't figure out why or how to fix it.

I've updated the Startup.Auth.cs file with:app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);

Also tried adding config.EnableCors(new EnableCorsAttribute("*", "*", "GET,POST")); to the WebApiConfig.cs file.

Neither of these have added the 'Access-Control-Allow-Origin' header that is needed. (I do get a different error if both of these are implemented at the same time, so I know that is not the issue.)

Is there another location in the project that I need to set to allow CORS requests for an auth token?

Improve this question

4 Answers 4

Reset to default
2

I had to this in ApplicationOAuthProvider.cs/GrantResourceOwnerCredentials to work. The first three lines are for reference point only, "context.OwinContext" line was added to make it work. 

public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>(); ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password); **context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "http://localhost:24589" });**

Use above if you want to individually configure and allow CORS at different access points. If you want to allow application wide then you may modify ApplicationOAuthProvider.cs/ConfigureAuth like below. Either approach works.

public void ConfigureAuth(IAppBuilder app) { app.UseCors(CorsOptions.AllowAll);
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

+1 The second approach is quick fix. You just have to add Microsoft.Owin.Cors nuget package. Another very informative thread on SO stackoverflow.com/questions/20079813/…
1

Okay, found the problem(s).

First, my test harness was pointing at the wrong location so any changes I was making were having no effect and my break points were not being hit. My bad.

Second, the configuration that finally got me working is to have the following code:

ApplicationOAuthProvider.GrantResourceOwnerCredentials: var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin"); if (allowedOrigin == null) allowedOrigin = "*"; WebApiConfig.Register: config.EnableCors(new EnableCorsAttribute("*", "*", "GET,POST"));

I hope this helps anyone else that is struggling with CORS and Katana/OWIN middleware.

Improve this answer

Comments

1

After enable CORS in WebApiConfig.cs , you should also config the web.config to also enable CORS . It's work in my application :

<system.webServer> <!--Enbale CORS--> <httpProtocol> <customHeaders> <add name="Access-Control-Allow-Origin" value="http://yourwebsite" /> </customHeaders> </httpProtocol> <modules> ... </modules> </system.webServer>
Improve this answer

Comments

0

I also struggled and spent around 5 hours, finally I got the solution.

Technology : Asp.net Framework

solution: need to install "Microsoft.Owin.Cors"

And Add the below line into "Startup.Auth.cs/ConfigureAuth()" method

app.UseCors(CorsOptions.AllowAll);

we don't want to add anything in any where, this is sufficient and it is working fine for me.

I got the answer from here: Getting token from web API2 from Angular2 leads to CORS issues or null

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.