I have an Angular 4 service that calls an OData API. I have my API setup to work using Windows Authentication, this works via IE (version 11) but not with Chrome, where it throws a:
Failed to load resource: the server responded with a status of 401 (Unauthorized)
This is followed followed by:
XMLHttpRequest cannot load http://gbldnrgaptest1:53219/User. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://gap' is therefore not allowed access. The response had HTTP status code 401.
I use the following methods to create my options for each request sent:
private GetOptions(): RequestOptionsArgs{
let options : RequestOptionsArgs;
options = {
headers : this.GetHeaders(),
withCredentials: true
};
return options;
}
private GetHeaders(): Headers {
let headers = new Headers();
headers.append("OData-Version","4.0");
headers.append("Content-Type","application/json;odata.metadata=minimal");
headers.append("Accept","application/json");
return headers;
}
On my API I have enabled CORS:
var cors = new EnableCorsAttribute(origins: "*", headers: "*", methods: "*", exposedHeaders: "*")
{
SupportsCredentials = true
};
config.EnableCors(cors);
I have also enabled Windows authentication in web.config:
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<authentication mode="Windows"></authentication>
</system.web>
My IIS is also set to only allow Windows Auth:
Anyone know what may I be missing?
I feel like it's a header issue; as when I simply run a get request in Chrome e.g. by navigating to http://gbldnrgaptest1:53219/User it returns just fine, SOAP UI works too once I add in NTLM authentication.
