Wednesday, January 27, 2016

Cross Domain Request w/ Cors

I've got an Ember solution, which locally runs on http://localhost:4200. It requests data from my WebApi application, which utilizes Windows Authentication. That currently runs on http://localhost:11470. For some bizarre reason, when my WebApi application responds it leaves off content such as: Access-Control-Allow-Origin. Thus throwing the following exception:

XMLHttpRequest cannot load http://localhost:11470/api/Authentication/logins. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 401.

If I look at the request, I clearly see the WebApi application isn't including such data in the header. How can I correct my issue?

// Inside: 'WebApiConfig'
configuration.EnableCors(new EnableCorsAttribute("http://localhost:4200", "*", "*") { SupportsCredentials = true });

// Controller:
[Route("api/Authentication/Logins")]
public IHttpActionResult Login()
{
     if (User.Identity.IsAuthenticated)
          return Ok();      

     return Unauthorized();
}

// Ember Ajax:
Ember.$.ajax({
     type: "GET",
     url: 'http://localhost:11470/api/Authentication/logins',
     crossDomain: true,
     headers:{
          'Authorization': 'WWW-authenticate'
     },
     xhrFields: {
          withCredentials: true
     },
     error: function() { console.log('Error'); },
     success: function() { console.log('Working?'); }
});

I even tried the following:

  • Forcing the header information in the web.config.
  • Custom implementation of IHttpActionResult
  • Custom filter implementation for ActionFilterAttribute.

Those don't hit before the console errors. All that is enabled for the WebApi application is Windows Authentication; if I navigate directly to localhost:11470/api/authentication/login, it prompts me for my Active Directory credentials, then correctly responds.

I've read several documents, such as:

I can't get a solution to reliably work. What am I missing or not understanding? I know it requires the header, but why is the CORS library for WebApi not sending it?
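The preflight failure quoted in the error message above, modelled as an added example that is not part of the original post: a JavaScript function that applies the Fetch standard's checks to a preflight response for the request shown in the question. The name `checkPreflight` and both sample responses are constructed for illustration.

```javascript
// Added example: the checks a browser applies to a CORS preflight response.
const SAFE_METHODS = ['GET', 'HEAD', 'POST'];
const list = v => (v || '').split(',').map(s => s.trim()).filter(Boolean);

// req: { origin, method, headers: [non-safelisted names], credentials }
// res: { status, headers }  ->  { ok, reason }
function checkPreflight(req, res) {
  const h = {};  // header names are case-insensitive
  for (const [k, v] of Object.entries(res.headers)) h[k.toLowerCase()] = String(v).trim();
  const fail = reason => ({ ok: false, reason });
  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin === undefined)
    return fail(`no Access-Control-Allow-Origin header (status ${res.status})`);
  if (allowOrigin === '*') {
    if (req.credentials) return fail('wildcard origin is not accepted with credentials');
  } else if (allowOrigin !== req.origin) {
    return fail(`origin ${req.origin} does not match ${allowOrigin}`);
  }
  if (req.credentials && h['access-control-allow-credentials'] !== 'true')
    return fail('Access-Control-Allow-Credentials is not "true"');
  if (res.status < 200 || res.status > 299)
    return fail(`preflight status ${res.status} is not 2xx`);

  // With credentials, "*" in the method/header lists is a literal, not a wildcard.
  const methods = list(h['access-control-allow-methods']);
  const wildcardOk = !req.credentials;
  if (!SAFE_METHODS.includes(req.method) && !methods.includes(req.method) &&
      !(wildcardOk && methods.includes('*')))
    return fail(`method ${req.method} not allowed`);
  const allowed = list(h['access-control-allow-headers']).map(s => s.toLowerCase());
  for (const name of req.headers.map(s => s.toLowerCase())) {
    // Authorization must always be listed by name; "*" never covers it.
    const viaWildcard = wildcardOk && name !== 'authorization' && allowed.includes('*');
    if (!allowed.includes(name) && !viaWildcard) return fail(`header ${name} not allowed`);
  }
  return { ok: true, reason: 'preflight passes' };
}

// The request from the post: credentialed GET with an Authorization header.
const pageRequest = { origin: 'http://localhost:4200', method: 'GET',
                      headers: ['Authorization'], credentials: true };
// Constructed responses: the 401 the error message reports, and one that passes.
const rejected = { status: 401, headers: { 'WWW-Authenticate': 'Negotiate' } };
const accepted = { status: 200, headers: {
  'Access-Control-Allow-Origin': 'http://localhost:4200',
  'Access-Control-Allow-Credentials': 'true',
  'Access-Control-Allow-Headers': 'authorization' } };
console.log(checkPreflight(pageRequest, rejected), checkPreflight(pageRequest, accepted));
```

The browser sends the preflight OPTIONS request without credentials, so an endpoint that requires authentication for every request answers it as in the `rejected` sample.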



