What is the correct way to setup CORS with ASP.NET Core and Aurelia (with http-fetch-client), with Windows...
up vote
0
down vote
favorite
Making a CORS request with ASP.NET Core and Aurelia http-fetch-client does not work correctly when Windows (NTLM) authentication is enabled.
The setup is as follows:
Static files are hosted on http://localhost:50927/
API is hosted on http://localhost:50928/
The Aurelia HTTP fetch client has been configured to use the API port:
this.client = new HttpClient();
this.client.configure((config: any) => {
config.withBaseUrl('http://localhost:50928/api/')
}
The ASP.NET Core API server has been configured to use CORS in Startup.cs
app.UseCors(builder => builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
However, when Windows authentication is enabled, requests to the API fail and the web browser console shows the following
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:50928/api/sifiri/get-all-reports. (Reason: CORS header 'Access-Control-Allow-Origin' missing).[Learn More]
If Windows authentication is disabled and only anonymous authentication enabled the CORS request works fine. Are there any solutions to this? All the right settings seem to be enabled, unless I've missed something
Edit: after disabling "Just my code", a related exception is shown in the console:
Exception thrown: 'System.Net.Sockets.SocketException' in Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.dll
Exception thrown: 'System.Net.Sockets.SocketException' in System.Private.CoreLib.dll
Exception thrown: 'System.IO.IOException' in System.Net.Sockets.dll
Exception thrown: 'System.IO.IOException' in System.Private.CoreLib.dll
Exception thrown: 'System.Threading.Tasks.TaskCanceledException' in System.Net.Http.dll
Exception thrown: 'System.Threading.Tasks.TaskCanceledException' in System.Private.CoreLib.dll
Exception thrown: 'System.ObjectDisposedException' in System.Net.Sockets.dll
Exception thrown: 'System.ObjectDisposedException' in System.Private.CoreLib.dll
Exception thrown: 'System.ObjectDisposedException' in System.Private.CoreLib.dll
No more information is given
asp.net-core cors aurelia aurelia-fetch-client
asked Nov 12 at 14:27
Joshun
79138
add a comment |
up vote
0
down vote
favorite
Making a CORS request with ASP.NET Core and Aurelia http-fetch-client does not work correctly when Windows (NTLM) authentication is enabled.
The setup is as follows:
Static files are hosted on http://localhost:50927/
API is hosted on http://localhost:50928/
The Aurelia HTTP fetch client has been configured to use the API port:
this.client = new HttpClient();
this.client.configure((config: any) => {
config.withBaseUrl('http://localhost:50928/api/')
}
The ASP.NET Core API server has been configured to use CORS in Startup.cs
app.UseCors(builder => builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
However, when Windows authentication is enabled, requests to the API fail and the web browser console shows the following
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:50928/api/sifiri/get-all-reports. (Reason: CORS header 'Access-Control-Allow-Origin' missing).[Learn More]
If Windows authentication is disabled and only anonymous authentication enabled the CORS request works fine. Are there any solutions to this? All the right settings seem to be enabled, unless I've missed something
Edit: after disabling "Just my code", a related exception is shown in the console:
Exception thrown: 'System.Net.Sockets.SocketException' in Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.dll
Exception thrown: 'System.Net.Sockets.SocketException' in System.Private.CoreLib.dll
Exception thrown: 'System.IO.IOException' in System.Net.Sockets.dll
Exception thrown: 'System.IO.IOException' in System.Private.CoreLib.dll
Exception thrown: 'System.Threading.Tasks.TaskCanceledException' in System.Net.Http.dll
Exception thrown: 'System.Threading.Tasks.TaskCanceledException' in System.Private.CoreLib.dll
Exception thrown: 'System.ObjectDisposedException' in System.Net.Sockets.dll
Exception thrown: 'System.ObjectDisposedException' in System.Private.CoreLib.dll
Exception thrown: 'System.ObjectDisposedException' in System.Private.CoreLib.dll
No more information is given
asp.net-core cors aurelia aurelia-fetch-client
asked Nov 12 at 14:27
Joshun
79138
1
Are you having an exception in your code? Exception middleware clears previously set CORS headers. And of course, in which order is the CORs middleware registered? Before MVC after it? At the beginning?
– Tseng
Nov 12 at 14:34
I didn't think so, but after disabling "Just my code" it seems that an exception is getting thrown. I'll add this to the post
– Joshun
Nov 12 at 14:38
Well you'l see in the console or debug window if an (uncaught)exception is being logged or not
– Tseng
Nov 12 at 14:39
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
Making a CORS request with ASP.NET Core and Aurelia http-fetch-client does not work correctly when Windows (NTLM) authentication is enabled.
The setup is as follows:
Static files are hosted on http://localhost:50927/
API is hosted on http://localhost:50928/
The Aurelia HTTP fetch client has been configured to use the API port:
this.client = new HttpClient();
this.client.configure((config: any) => {
config.withBaseUrl('http://localhost:50928/api/')
}
The ASP.NET Core API server has been configured to use CORS in Startup.cs
app.UseCors(builder => builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
However, when Windows authentication is enabled, requests to the API fail and the web browser console shows the following
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:50928/api/sifiri/get-all-reports. (Reason: CORS header 'Access-Control-Allow-Origin' missing).[Learn More]
If Windows authentication is disabled and only anonymous authentication enabled the CORS request works fine. Are there any solutions to this? All the right settings seem to be enabled, unless I've missed something
Edit: after disabling "Just my code", a related exception is shown in the console:
Exception thrown: 'System.Net.Sockets.SocketException' in Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.dll
Exception thrown: 'System.Net.Sockets.SocketException' in System.Private.CoreLib.dll
Exception thrown: 'System.IO.IOException' in System.Net.Sockets.dll
Exception thrown: 'System.IO.IOException' in System.Private.CoreLib.dll
Exception thrown: 'System.Threading.Tasks.TaskCanceledException' in System.Net.Http.dll
Exception thrown: 'System.Threading.Tasks.TaskCanceledException' in System.Private.CoreLib.dll
Exception thrown: 'System.ObjectDisposedException' in System.Net.Sockets.dll
Exception thrown: 'System.ObjectDisposedException' in System.Private.CoreLib.dll
Exception thrown: 'System.ObjectDisposedException' in System.Private.CoreLib.dll
No more information is given
asp.net-core cors aurelia aurelia-fetch-client
asked Nov 12 at 14:27
Joshun
79138
Making a CORS request with ASP.NET Core and Aurelia http-fetch-client does not work correctly when Windows (NTLM) authentication is enabled.
The setup is as follows:
Static files are hosted on http://localhost:50927/
API is hosted on http://localhost:50928/
The Aurelia HTTP fetch client has been configured to use the API port:
this.client = new HttpClient();
this.client.configure((config: any) => {
config.withBaseUrl('http://localhost:50928/api/')
}
The ASP.NET Core API server has been configured to use CORS in Startup.cs
app.UseCors(builder => builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
However, when Windows authentication is enabled, requests to the API fail and the web browser console shows the following
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:50928/api/sifiri/get-all-reports. (Reason: CORS header 'Access-Control-Allow-Origin' missing).[Learn More]
If Windows authentication is disabled and only anonymous authentication enabled the CORS request works fine. Are there any solutions to this? All the right settings seem to be enabled, unless I've missed something
Edit: after disabling "Just my code", a related exception is shown in the console:
Exception thrown: 'System.Net.Sockets.SocketException' in Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.dll
Exception thrown: 'System.Net.Sockets.SocketException' in System.Private.CoreLib.dll
Exception thrown: 'System.IO.IOException' in System.Net.Sockets.dll
Exception thrown: 'System.IO.IOException' in System.Private.CoreLib.dll
Exception thrown: 'System.Threading.Tasks.TaskCanceledException' in System.Net.Http.dll
Exception thrown: 'System.Threading.Tasks.TaskCanceledException' in System.Private.CoreLib.dll
Exception thrown: 'System.ObjectDisposedException' in System.Net.Sockets.dll
Exception thrown: 'System.ObjectDisposedException' in System.Private.CoreLib.dll
Exception thrown: 'System.ObjectDisposedException' in System.Private.CoreLib.dll
No more information is given
asp.net-core cors aurelia aurelia-fetch-client
asp.net-core cors aurelia aurelia-fetch-client
asked Nov 12 at 14:27
Joshun
79138
asked Nov 12 at 14:27
Joshun
79138
edited Nov 12 at 14:43
asked Nov 12 at 14:27
Joshun
79138
asked Nov 12 at 14:27
Joshun
79138
asked Nov 12 at 14:27
Joshun
79138
79138
1
Are you having an exception in your code? Exception middleware clears previously set CORS headers. And of course, in which order is the CORs middleware registered? Before MVC after it? At the beginning?
– Tseng
Nov 12 at 14:34
I didn't think so, but after disabling "Just my code" it seems that an exception is getting thrown. I'll add this to the post
– Joshun
Nov 12 at 14:38
Well you'l see in the console or debug window if an (uncaught)exception is being logged or not
– Tseng
Nov 12 at 14:39
add a comment |
1
Are you having an exception in your code? Exception middleware clears previously set CORS headers. And of course, in which order is the CORs middleware registered? Before MVC after it? At the beginning?
– Tseng
Nov 12 at 14:34
I didn't think so, but after disabling "Just my code" it seems that an exception is getting thrown. I'll add this to the post
– Joshun
Nov 12 at 14:38
Well you'l see in the console or debug window if an (uncaught)exception is being logged or not
– Tseng
Nov 12 at 14:39
1
1
Are you having an exception in your code? Exception middleware clears previously set CORS headers. And of course, in which order is the CORs middleware registered? Before MVC after it? At the beginning?
– Tseng
Nov 12 at 14:34
Are you having an exception in your code? Exception middleware clears previously set CORS headers. And of course, in which order is the CORs middleware registered? Before MVC after it? At the beginning?
– Tseng
Nov 12 at 14:34
I didn't think so, but after disabling "Just my code" it seems that an exception is getting thrown. I'll add this to the post
– Joshun
Nov 12 at 14:38
I didn't think so, but after disabling "Just my code" it seems that an exception is getting thrown. I'll add this to the post
– Joshun
Nov 12 at 14:38
Well you'l see in the console or debug window if an (uncaught)exception is being logged or not
– Tseng
Nov 12 at 14:39
Well you'l see in the console or debug window if an (uncaught)exception is being logged or not
– Tseng
Nov 12 at 14:39
add a comment |
1 Answer
1
active
oldest
votes
up vote
1
down vote
accepted
You just need to include the credentials and mode while you are making the fetch call. This should look something like below:
this.client
.fetch(apiUrl, {
mode: "cors",
credentials: "include",
...
})
With this, you are basically asking the browser to include user credentials with the fetch request. And, that should suffice, given you have configured CORS on service to include client origin/header/method etc.
Hope it helps.
answered Nov 13 at 10:52
Sayan Pal
2,43922357
Thanks that works, didn't expect it to be something that simple
– Joshun
Nov 14 at 9:32
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53264248%2fwhat-is-the-correct-way-to-setup-cors-with-asp-net-core-and-aurelia-with-http-f%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
accepted
You just need to include the credentials and mode while you are making the fetch call. This should look something like below:
this.client
.fetch(apiUrl, {
mode: "cors",
credentials: "include",
...
})
With this, you are basically asking the browser to include user credentials with the fetch request. And, that should suffice, given you have configured CORS on service to include client origin/header/method etc.
Hope it helps.
answered Nov 13 at 10:52
Sayan Pal
2,43922357
Thanks that works, didn't expect it to be something that simple
– Joshun
Nov 14 at 9:32
add a comment |
up vote
1
down vote
accepted
You just need to include the credentials and mode while you are making the fetch call. This should look something like below:
this.client
.fetch(apiUrl, {
mode: "cors",
credentials: "include",
...
})
With this, you are basically asking the browser to include user credentials with the fetch request. And, that should suffice, given you have configured CORS on service to include client origin/header/method etc.
Hope it helps.
answered Nov 13 at 10:52
Sayan Pal
2,43922357
Thanks that works, didn't expect it to be something that simple
– Joshun
Nov 14 at 9:32
add a comment |
up vote
1
down vote
accepted
up vote
1
down vote
accepted
You just need to include the credentials and mode while you are making the fetch call. This should look something like below:
this.client
.fetch(apiUrl, {
mode: "cors",
credentials: "include",
...
})
With this, you are basically asking the browser to include user credentials with the fetch request. And, that should suffice, given you have configured CORS on service to include client origin/header/method etc.
Hope it helps.
answered Nov 13 at 10:52
Sayan Pal
2,43922357
You just need to include the credentials and mode while you are making the fetch call. This should look something like below:
this.client
.fetch(apiUrl, {
mode: "cors",
credentials: "include",
...
})
With this, you are basically asking the browser to include user credentials with the fetch request. And, that should suffice, given you have configured CORS on service to include client origin/header/method etc.
Hope it helps.
answered Nov 13 at 10:52
Sayan Pal
2,43922357
answered Nov 13 at 10:52
Sayan Pal
2,43922357
answered Nov 13 at 10:52
Sayan Pal
2,43922357
answered Nov 13 at 10:52
Sayan Pal
2,43922357
2,43922357
Thanks that works, didn't expect it to be something that simple
– Joshun
Nov 14 at 9:32
add a comment |
Thanks that works, didn't expect it to be something that simple
– Joshun
Nov 14 at 9:32
Thanks that works, didn't expect it to be something that simple
– Joshun
Nov 14 at 9:32
Thanks that works, didn't expect it to be something that simple
– Joshun
Nov 14 at 9:32
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53264248%2fwhat-is-the-correct-way-to-setup-cors-with-asp-net-core-and-aurelia-with-http-f%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Are you having an exception in your code? Exception middleware clears previously set CORS headers. And of course, in which order is the CORs middleware registered? Before MVC after it? At the beginning?
– Tseng
Nov 12 at 14:34
I didn't think so, but after disabling "Just my code" it seems that an exception is getting thrown. I'll add this to the post
– Joshun
Nov 12 at 14:38
Well you'l see in the console or debug window if an (uncaught)exception is being logged or not
– Tseng
Nov 12 at 14:39