AngularJS, WebAPI, and Windows Authentication: OPTIONS 401 and "Reponse for preflight has invalid HTTP status code 401"

Question

I'm building an internal application for work that uses AngularJS, WebAPI, and Windows Authentication. The Angular client and the WebAPI are different projects, which will run on two seperate ports on my local machine.

I enabled CORS in Web.config of the API project using the following:

<httpProtocol>
  ...
  <customHeaders>        
    <add name="Access-Control-Allow-Origin" value="http://localhost:#PORTOFCLIENT#" />
    <add name="Access-Control-Allow-Headers" value="Content-Type" />
    <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
    <add name="Access-Control-Allow-Credentials" value="true" />
  </customHeaders>
</httpProtocol>

I can make GET requests just fine; the problem is when I try to save an object using POST:

function updateFoo(foo) {
        return $http.post(baseUrl + "/api/foos", foo, { withCredentials: true })
            .then(updateFooComplete)
            .catch(updateFooFailed);
        ...
    }

I receive the following errors in Chrome:

OPTIONS http://localhost:#PORTOFWEBAPI#/api/foos
XMLHttpRequest cannot load http://localhost:#PORTOFWEBAPI#/api/foos. Response for preflight has invalid HTTP status code 401

After a little Googling, I found this response mentioning the fact that the OPTIONS request shouldn't be authenticated.

How do I prevent OPTION requests from being authenticated by WebAPI? Am I missing something?

Follow this link, it will help you. [http://stackoverflow.com/questions/10723088/401-response-for-cors-request-in-iis-with-windows-auth-enabled][1] [1]: http://stackoverflow.com/questions/10723088/401-response-for-cors-request-in-iis-with-windows-auth-enabled — Gagan Jaura, Sep 17 '15 at 09:06

AngularJS, WebAPI, and Windows Authentication: OPTIONS 401 and "Reponse for preflight has invalid HTTP status code 401"

0 Answers0