What is the correct way to setup CORS with ASP.NET Core and Aurelia (with http-fetch-client), with Windows...











up vote
0
down vote

favorite












Making a CORS request with ASP.NET Core and Aurelia http-fetch-client does not work correctly when Windows (NTLM) authentication is enabled.
The setup is as follows:



Static files are hosted on http://localhost:50927/



API is hosted on http://localhost:50928/



The Aurelia HTTP fetch client has been configured to use the API port:



this.client = new HttpClient();
this.client.configure((config: any) => {
config.withBaseUrl('http://localhost:50928/api/')
}


The ASP.NET Core API server has been configured to use CORS in Startup.cs



app.UseCors(builder => builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());


However, when Windows authentication is enabled, requests to the API fail and the web browser console shows the following



Cross-Origin Request Blocked: The Same Origin Policy disallows reading the  remote resource at http://localhost:50928/api/sifiri/get-all-reports. (Reason: CORS header 'Access-Control-Allow-Origin' missing).[Learn More]


If Windows authentication is disabled and only anonymous authentication enabled the CORS request works fine. Are there any solutions to this? All the right settings seem to be enabled, unless I've missed something



Edit: after disabling "Just my code", a related exception is shown in the console:



Exception thrown: 'System.Net.Sockets.SocketException' in Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.dll
Exception thrown: 'System.Net.Sockets.SocketException' in System.Private.CoreLib.dll
Exception thrown: 'System.IO.IOException' in System.Net.Sockets.dll
Exception thrown: 'System.IO.IOException' in System.Private.CoreLib.dll
Exception thrown: 'System.Threading.Tasks.TaskCanceledException' in System.Net.Http.dll
Exception thrown: 'System.Threading.Tasks.TaskCanceledException' in System.Private.CoreLib.dll
Exception thrown: 'System.ObjectDisposedException' in System.Net.Sockets.dll
Exception thrown: 'System.ObjectDisposedException' in System.Private.CoreLib.dll
Exception thrown: 'System.ObjectDisposedException' in System.Private.CoreLib.dll


No more information is given










share|improve this question




















  • 1




    Are you having an exception in your code? Exception middleware clears previously set CORS headers. And of course, in which order is the CORs middleware registered? Before MVC after it? At the beginning?
    – Tseng
    Nov 12 at 14:34












  • I didn't think so, but after disabling "Just my code" it seems that an exception is getting thrown. I'll add this to the post
    – Joshun
    Nov 12 at 14:38










  • Well you'l see in the console or debug window if an (uncaught)exception is being logged or not
    – Tseng
    Nov 12 at 14:39















up vote
0
down vote

favorite












Making a CORS request with ASP.NET Core and Aurelia http-fetch-client does not work correctly when Windows (NTLM) authentication is enabled.
The setup is as follows:



Static files are hosted on http://localhost:50927/



API is hosted on http://localhost:50928/



The Aurelia HTTP fetch client has been configured to use the API port:



this.client = new HttpClient();
this.client.configure((config: any) => {
config.withBaseUrl('http://localhost:50928/api/')
}


The ASP.NET Core API server has been configured to use CORS in Startup.cs



app.UseCors(builder => builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());


However, when Windows authentication is enabled, requests to the API fail and the web browser console shows the following



Cross-Origin Request Blocked: The Same Origin Policy disallows reading the  remote resource at http://localhost:50928/api/sifiri/get-all-reports. (Reason: CORS header 'Access-Control-Allow-Origin' missing).[Learn More]


If Windows authentication is disabled and only anonymous authentication enabled the CORS request works fine. Are there any solutions to this? All the right settings seem to be enabled, unless I've missed something



Edit: after disabling "Just my code", a related exception is shown in the console:



Exception thrown: 'System.Net.Sockets.SocketException' in Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.dll
Exception thrown: 'System.Net.Sockets.SocketException' in System.Private.CoreLib.dll
Exception thrown: 'System.IO.IOException' in System.Net.Sockets.dll
Exception thrown: 'System.IO.IOException' in System.Private.CoreLib.dll
Exception thrown: 'System.Threading.Tasks.TaskCanceledException' in System.Net.Http.dll
Exception thrown: 'System.Threading.Tasks.TaskCanceledException' in System.Private.CoreLib.dll
Exception thrown: 'System.ObjectDisposedException' in System.Net.Sockets.dll
Exception thrown: 'System.ObjectDisposedException' in System.Private.CoreLib.dll
Exception thrown: 'System.ObjectDisposedException' in System.Private.CoreLib.dll


No more information is given










share|improve this question




















  • 1




    Are you having an exception in your code? Exception middleware clears previously set CORS headers. And of course, in which order is the CORs middleware registered? Before MVC after it? At the beginning?
    – Tseng
    Nov 12 at 14:34












  • I didn't think so, but after disabling "Just my code" it seems that an exception is getting thrown. I'll add this to the post
    – Joshun
    Nov 12 at 14:38










  • Well you'l see in the console or debug window if an (uncaught)exception is being logged or not
    – Tseng
    Nov 12 at 14:39













up vote
0
down vote

favorite









up vote
0
down vote

favorite











Making a CORS request with ASP.NET Core and Aurelia http-fetch-client does not work correctly when Windows (NTLM) authentication is enabled.
The setup is as follows:



Static files are hosted on http://localhost:50927/



API is hosted on http://localhost:50928/



The Aurelia HTTP fetch client has been configured to use the API port:



this.client = new HttpClient();
this.client.configure((config: any) => {
config.withBaseUrl('http://localhost:50928/api/')
}


The ASP.NET Core API server has been configured to use CORS in Startup.cs



app.UseCors(builder => builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());


However, when Windows authentication is enabled, requests to the API fail and the web browser console shows the following



Cross-Origin Request Blocked: The Same Origin Policy disallows reading the  remote resource at http://localhost:50928/api/sifiri/get-all-reports. (Reason: CORS header 'Access-Control-Allow-Origin' missing).[Learn More]


If Windows authentication is disabled and only anonymous authentication enabled the CORS request works fine. Are there any solutions to this? All the right settings seem to be enabled, unless I've missed something



Edit: after disabling "Just my code", a related exception is shown in the console:



Exception thrown: 'System.Net.Sockets.SocketException' in Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.dll
Exception thrown: 'System.Net.Sockets.SocketException' in System.Private.CoreLib.dll
Exception thrown: 'System.IO.IOException' in System.Net.Sockets.dll
Exception thrown: 'System.IO.IOException' in System.Private.CoreLib.dll
Exception thrown: 'System.Threading.Tasks.TaskCanceledException' in System.Net.Http.dll
Exception thrown: 'System.Threading.Tasks.TaskCanceledException' in System.Private.CoreLib.dll
Exception thrown: 'System.ObjectDisposedException' in System.Net.Sockets.dll
Exception thrown: 'System.ObjectDisposedException' in System.Private.CoreLib.dll
Exception thrown: 'System.ObjectDisposedException' in System.Private.CoreLib.dll


No more information is given










share|improve this question















Making a CORS request with ASP.NET Core and Aurelia http-fetch-client does not work correctly when Windows (NTLM) authentication is enabled.
The setup is as follows:



Static files are hosted on http://localhost:50927/



API is hosted on http://localhost:50928/



The Aurelia HTTP fetch client has been configured to use the API port:



this.client = new HttpClient();
this.client.configure((config: any) => {
config.withBaseUrl('http://localhost:50928/api/')
}


The ASP.NET Core API server has been configured to use CORS in Startup.cs



app.UseCors(builder => builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());


However, when Windows authentication is enabled, requests to the API fail and the web browser console shows the following



Cross-Origin Request Blocked: The Same Origin Policy disallows reading the  remote resource at http://localhost:50928/api/sifiri/get-all-reports. (Reason: CORS header 'Access-Control-Allow-Origin' missing).[Learn More]


If Windows authentication is disabled and only anonymous authentication enabled the CORS request works fine. Are there any solutions to this? All the right settings seem to be enabled, unless I've missed something



Edit: after disabling "Just my code", a related exception is shown in the console:



Exception thrown: 'System.Net.Sockets.SocketException' in Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.dll
Exception thrown: 'System.Net.Sockets.SocketException' in System.Private.CoreLib.dll
Exception thrown: 'System.IO.IOException' in System.Net.Sockets.dll
Exception thrown: 'System.IO.IOException' in System.Private.CoreLib.dll
Exception thrown: 'System.Threading.Tasks.TaskCanceledException' in System.Net.Http.dll
Exception thrown: 'System.Threading.Tasks.TaskCanceledException' in System.Private.CoreLib.dll
Exception thrown: 'System.ObjectDisposedException' in System.Net.Sockets.dll
Exception thrown: 'System.ObjectDisposedException' in System.Private.CoreLib.dll
Exception thrown: 'System.ObjectDisposedException' in System.Private.CoreLib.dll


No more information is given







asp.net-core cors aurelia aurelia-fetch-client






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 12 at 14:43

























asked Nov 12 at 14:27









Joshun

79138




79138








  • 1




    Are you having an exception in your code? Exception middleware clears previously set CORS headers. And of course, in which order is the CORs middleware registered? Before MVC after it? At the beginning?
    – Tseng
    Nov 12 at 14:34












  • I didn't think so, but after disabling "Just my code" it seems that an exception is getting thrown. I'll add this to the post
    – Joshun
    Nov 12 at 14:38










  • Well you'l see in the console or debug window if an (uncaught)exception is being logged or not
    – Tseng
    Nov 12 at 14:39














  • 1




    Are you having an exception in your code? Exception middleware clears previously set CORS headers. And of course, in which order is the CORs middleware registered? Before MVC after it? At the beginning?
    – Tseng
    Nov 12 at 14:34












  • I didn't think so, but after disabling "Just my code" it seems that an exception is getting thrown. I'll add this to the post
    – Joshun
    Nov 12 at 14:38










  • Well you'l see in the console or debug window if an (uncaught)exception is being logged or not
    – Tseng
    Nov 12 at 14:39








1




1




Are you having an exception in your code? Exception middleware clears previously set CORS headers. And of course, in which order is the CORs middleware registered? Before MVC after it? At the beginning?
– Tseng
Nov 12 at 14:34






Are you having an exception in your code? Exception middleware clears previously set CORS headers. And of course, in which order is the CORs middleware registered? Before MVC after it? At the beginning?
– Tseng
Nov 12 at 14:34














I didn't think so, but after disabling "Just my code" it seems that an exception is getting thrown. I'll add this to the post
– Joshun
Nov 12 at 14:38




I didn't think so, but after disabling "Just my code" it seems that an exception is getting thrown. I'll add this to the post
– Joshun
Nov 12 at 14:38












Well you'l see in the console or debug window if an (uncaught)exception is being logged or not
– Tseng
Nov 12 at 14:39




Well you'l see in the console or debug window if an (uncaught)exception is being logged or not
– Tseng
Nov 12 at 14:39












1 Answer
1






active

oldest

votes

















up vote
1
down vote



accepted










You just need to include the credentials and mode while you are making the fetch call. This should look something like below:



this.client
.fetch(apiUrl, {
mode: "cors",
credentials: "include",
...
})


With this, you are basically asking the browser to include user credentials with the fetch request. And, that should suffice, given you have configured CORS on service to include client origin/header/method etc.



Hope it helps.






share|improve this answer





















  • Thanks that works, didn't expect it to be something that simple
    – Joshun
    Nov 14 at 9:32











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53264248%2fwhat-is-the-correct-way-to-setup-cors-with-asp-net-core-and-aurelia-with-http-f%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
1
down vote



accepted










You just need to include the credentials and mode while you are making the fetch call. This should look something like below:



this.client
.fetch(apiUrl, {
mode: "cors",
credentials: "include",
...
})


With this, you are basically asking the browser to include user credentials with the fetch request. And, that should suffice, given you have configured CORS on service to include client origin/header/method etc.



Hope it helps.






share|improve this answer





















  • Thanks that works, didn't expect it to be something that simple
    – Joshun
    Nov 14 at 9:32















up vote
1
down vote



accepted










You just need to include the credentials and mode while you are making the fetch call. This should look something like below:



this.client
.fetch(apiUrl, {
mode: "cors",
credentials: "include",
...
})


With this, you are basically asking the browser to include user credentials with the fetch request. And, that should suffice, given you have configured CORS on service to include client origin/header/method etc.



Hope it helps.






share|improve this answer





















  • Thanks that works, didn't expect it to be something that simple
    – Joshun
    Nov 14 at 9:32













up vote
1
down vote



accepted







up vote
1
down vote



accepted






You just need to include the credentials and mode while you are making the fetch call. This should look something like below:



this.client
.fetch(apiUrl, {
mode: "cors",
credentials: "include",
...
})


With this, you are basically asking the browser to include user credentials with the fetch request. And, that should suffice, given you have configured CORS on service to include client origin/header/method etc.



Hope it helps.






share|improve this answer












You just need to include the credentials and mode while you are making the fetch call. This should look something like below:



this.client
.fetch(apiUrl, {
mode: "cors",
credentials: "include",
...
})


With this, you are basically asking the browser to include user credentials with the fetch request. And, that should suffice, given you have configured CORS on service to include client origin/header/method etc.



Hope it helps.







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 13 at 10:52









Sayan Pal

2,43922357




2,43922357












  • Thanks that works, didn't expect it to be something that simple
    – Joshun
    Nov 14 at 9:32


















  • Thanks that works, didn't expect it to be something that simple
    – Joshun
    Nov 14 at 9:32
















Thanks that works, didn't expect it to be something that simple
– Joshun
Nov 14 at 9:32




Thanks that works, didn't expect it to be something that simple
– Joshun
Nov 14 at 9:32


















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53264248%2fwhat-is-the-correct-way-to-setup-cors-with-asp-net-core-and-aurelia-with-http-f%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Guess what letter conforming each word

Port of Spain

Run scheduled task as local user group (not BUILTIN)