Good day,

I am working with asp.net api and Angular.

When I am trying to get my authentication token from my api, I receive errors

I have a controller that returns an authentication token for my application. This is the logic for the controller:

    [HttpPost]
    [Route("authenticate")]
    public async System.Threading.Tasks.Task<IHttpActionResult> AuthenticateAsync(LoginRequest login)
    {
        if (login == null)
            throw new HttpResponseException(HttpStatusCode.BadRequest);

        var result = await SignInManager.PasswordSignInAsync(login.Username, login.Password, false, shouldLockout: false);
        var strCurrentUserId = User.Identity.GetUserId();
        switch (result)
        {
            case SignInStatus.Success:
                {
                    LoginAprovado loginAprovado = new LoginAprovado
                    {
                        Token = TokenGenerator.GenerateTokenJwt(DateTime.Now.ToString() + login.Username + Guid.NewGuid()),
                        UserId = User.Identity.GetUserId()
                    };
                    return Ok(loginAprovado);
                }
            default:
                {
                    return Unauthorized();
                }
        }
    }

As you can see, I am returning the object LoginAprovado.

I do not know how to fix this problem; it seems to be a CORS issue.

This is my web config:

    <appSettings>
        <add key="JWT_AUDIENCE_TOKEN" value="http://mysite.azurewebsites.net/" />
        <add key="JWT_ISSUER_TOKEN" value="http://mysite.azurewebsites.net/" />
        ...more here
    <system.webServer>
        <httpProtocol>
            <customHeaders>
                <add name="Access-Control-Allow-Origin" value="*" />
                <add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS" />
                <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
            </customHeaders>
        </httpProtocol>

Note that in my customHeaders section, Access-Control-Allow-Origin is set to * so I can debug my front end locally.

What can I do to fix the issue? Thanks.

ev vk

1 Answer

In my experience, what worked for me was adding the following line as the first line of the Configuration(IAppBuilder app) method in the Startup class (if you are using OWIN):

    app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);

Amir Molaei
  • Hi, thanks for your response. I have a question: how does this code affect the security of the application? My idea is that for production, people can only access my API from mywebsite.com – ev vk Apr 14 '19 at 07:08
  • This question is not relevant to the original post, please create a new post for that. However, this link may help you. – Amir Molaei Apr 14 '19 at 07:18
  • Thank you. By the way, I cannot see the link. Thanks – ev vk Apr 14 '19 at 09:40
  • Sorry, https://stackoverflow.com/questions/24680302/csrf-protection-with-cors-origin-header-vs-csrf-token – Amir Molaei Apr 14 '19 at 09:44
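
An origin allow-list variant of the `UseCors` call, relating to the production question raised in the comments. This is an added example, not code from the question or the answer; the `ExampleApi` namespace and both origins are placeholders (the Angular dev server default and a stand-in production site).

```csharp
using System.Threading.Tasks;
using System.Web.Cors;
using Microsoft.Owin;
using Microsoft.Owin.Cors;
using Owin;

[assembly: OwinStartup(typeof(ExampleApi.Startup))]

namespace ExampleApi // hypothetical namespace
{
    public class Startup
    {
        // Assumed origins: replace with the real front-end origins.
        private static readonly string[] AllowedOrigins =
        {
            "http://localhost:4200",      // local Angular debugging (assumption)
            "https://mywebsite.example"   // placeholder production origin
        };

        public void Configuration(IAppBuilder app)
        {
            // Start from a closed policy and open only what the front end needs.
            var policy = new CorsPolicy
            {
                AllowAnyOrigin = false,
                AllowAnyMethod = false,
                AllowAnyHeader = false,
                SupportsCredentials = false, // no cookies sent cross-origin
                PreflightMaxAge = 600        // seconds a browser may cache the preflight
            };

            foreach (var origin in AllowedOrigins) policy.Origins.Add(origin);
            // Same methods and request headers as the web.config in the question.
            foreach (var m in new[] { "GET", "PUT", "POST", "DELETE" }) policy.Methods.Add(m);
            foreach (var h in new[] { "Origin", "X-Requested-With", "Content-Type", "Accept" })
                policy.Headers.Add(h);

            // Must run before the Web API / auth middleware so preflights are answered.
            app.UseCors(new CorsOptions
            {
                PolicyProvider = new CorsPolicyProvider
                {
                    PolicyResolver = request => Task.FromResult(policy)
                }
            });
            // ... remaining OWIN / Web API configuration
        }
    }
}
```

`Origins` entries are compared as exact strings, so scheme, host and port must match what the browser sends, with no trailing slash. If the `customHeaders` entries from the web.config stay in place alongside this middleware, responses carry two `Access-Control-Allow-Origin` values, which browsers reject.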