Geek Answers Handbook

Asp.net web api 2 CORS and authorization authorization setup

I created an asp.net web api 2 service with individual account protection. I am trying to call it an AngularJs form according to this example: http://www.codeproject.com/Articles/742532/Using-Web-API-Individual-User-Account-plus-CORS-En couldn't get this to work, so added some configuration from here: How to do CORS authentication in WebAPI 2?

and this error cannot pass: XMLHttpRequest cannot load 'serverRegisterUrl'. The header "Access-Control-Allow-Origin" contains several clientUrl, *, * 'values, but only one is allowed. Therefore, the original client "client" does not have access.

I do not understand this error message. I think the line Access-Control-Allow-Origin means that you can specify the source clientUrl, all headers, all methods

I do not understand the problem. If I should just point out the source somewhere somewhere, I don’t know where it is.

I run this on Microsoft Azure and use vs express to upgrade version 2 for websites just in case.

Unfortunately, I had to deduce my links from the error message, because I need at least a 10 reputation here to post more than two links in the question.

+5
angularjs cors azure asp.net-web-api2
source share
3 answers

It works for me, I think it got to the configuration. Web.config: no "Access-Control-Allow-Origin" customHeaders node

Startup.Auth.cs:
// This must come first to intercept the /Token requests app.UseCors(CorsOptions.AllowAll);

// Enable the application to use bearer tokens to authenticate users app.UseOAuthBearerTokens(OAuthOptions);

WebApiConfig.cs: (courts are not involved here) //var cors = new EnableCorsAttribute("*", "*", "*"); //config.EnableCors(cors);

AccountController.cs: attribute of the GetExternalLogin method: [EnableCors(origins: "*", headers: "*", methods: "*")]

I think all my current CORS configuration.

+9
source share

Just adding @AlexSmotritsky's answer.

To use the UseCors method in

 app.UseCors(CorsOptions.AllowAll);

don't forget to install Microsoft.Owin.Cors NuGet package and add

using the Microsoft.Owin.Cors directive; .

+4
source share

It looks like your Access-Control-Allow-Origin clientUrl, *, * was clientUrl, *, * , which might be invalid. This allows only one value. You can put * means that all roots are allowed, or the one you specified, for example, your AngularJS node.

I put my code on https://gist.github.com/shaunxu/8414a78cd8074432fc69 This may not be the eastern way, but it works in my application.

0
source share

More articles:


All Articles