asp.net web api2 - CORS on OWIN and accessing /token causes 'Access-Control-Allow-Origin' error -
i having problem securing web api using owin middle ware.
i have installed below package
install-package microsoft.owin.cors -version 2.1.0 and below configureauth.cs code.
public void configureauth(iappbuilder app) { //... app.useoauthbearertokens(oauthoptions); ///install-package microsoft.owin.cors -version 2.1.0 app.usecors(microsoft.owin.cors.corsoptions.allowall); } i have hosted webapi project on link , ,http://webaip.azurewebsites.net
i trying access controller methods of above api site, , http://mysite.azurewebsites.net above code in place able invoke methods of api not secure. (not decorated authorize attribute) through javascript not able invoke /token authentication. below javascript code.
function login() { var logindata = { grant_type: 'password', username: 'username', password: 'password', }; $.ajax({ type: 'post', url: 'http://webaip.azurewebsites.net/token/', data: logindata }).done(function (data) { alert('logged in'); alert(data); }).fail(function (data) { alert('login problem') }).error(function (data) { alert('error invoking api'); }); homecoming false; } i getting below error
xmlhttprequest cannot load http://webaip.azurewebsites.net/token/. no 'access-control-allow-origin' header nowadays on requested resource. origin 'http://mysite.azurewebsites.net' hence not allowed access. response had http status code 404. note: have tried utilize below code with. it's not working me either.
public static void register(httpconfiguration config) { var json = config.formatters.jsonformatter; config.formatters.remove(config.formatters.xmlformatter); //need have microsoft.aspnet.webapi.cors bundle installed. config.enablecors(new enablecorsattribute("*","*","*")); }
the reason getting error because have enabled cors webapi not /token endpoint gets initialised before webapi pipeline gets cors settings.
so in add-on have done in webapiconfig.cs
you should following: (assuming have standard webapi 2 project)
** open file: app_start/idenityconfig.cs ** , add together line next // allow cors ...
i have left rest untouched in normal project template
public static applicationusermanager create(identityfactoryoptions<applicationusermanager> options, iowincontext context) { // allows cors /token endpoint different webapi endpoints. context.response.headers.add("access-control-allow-origin", new[] { "*" }); // <-- line need var manager = new applicationusermanager(new userstore<applicationuser>(context.get<identitydb>())); // configure validation logic usernames manager.uservalidator = new uservalidator<applicationuser>(manager) { allowonlyalphanumericusernames = true, requireuniqueemail = true }; // configure validation logic passwords manager.passwordvalidator = new passwordvalidator { requiredlength = 6, requirenonletterordigit = false, requiredigit = true, requirelowercase = true, requireuppercase = true, }; // rest ommited ... homecoming manager; } cors asp.net-web-api2
No comments:
Post a Comment