Unable to access the webapi from angular 8 application

Question

I have implemented an asp.net core web api and the endpoints seems to work fine. I am running the webapi via its local webserver. I am able to access the api via postman as well. I have implemented an Angular 8 application. I am getting an unknown error while trying to access the api endpoint. I initially thought it is cors issue and enabled cors in my controller but still facing the same problem. Could somebody tell me what the problem could be

The webapi ur is http://localhost:56676/api/customers and the angular application url is http://localhost:4200/customer

The error message that is am getting is

Access to XMLHttpRequest at 'http://localhost:56676/api/customers/' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Angular code

CustomerComponent

ngOnInit() {
      this.customers$ = this.customerService.getCustomers()
          .pipe(
              catchError(err => {
                 this.errorMessage = err;
                 return EMPTY;
              })
          )
  }

Customer interface

interface ICustomer {

        customerId : string;
        companyName : string;
        contactName : string;
        contactTitle : string;
        address : string;
        city : string;
        region : string;
        postalCode : string;
        country : string;
        phone : string;
        fax : string;

}

CustomerService

export class CustomerService {

  constructor(private smartTrCommonService:  SmartTrCommonService) { }

  getCustomers() : Observable<ICustomer[]>{
    return this.smartTrCommonService.httpGet('/api/customers/');
  }
}

CommonService

export class SmartTrCommonService {

    webApplication = this.getApiLocation();

    private getApiLocation() {
        const port = location.port ? ':56676' : '';
        return location.protocol + '//' + location.hostname + port;
    }

    constructor(private httpClient: HttpClient) { }

    httpGet(url: string): Observable<any> {
        return this.httpClient.get(this.webApplication + url, httpPostOptions)
            .pipe(map((response: Response) => {
                return response;
            }), catchError(error => {
                this.onError(error);
                return Promise.reject(error);
            }));
    }
}

Asp.Net core

[EnableCors("AllowOrigin")]
    [Route("api/[controller]")]
    [ApiController]
    public class CustomersController : ControllerBase
    {

        ICustomerRepository _customersRepository;


        public CustomersController(ICustomerRepository customersRepository)
        {
            _customersRepository = customersRepository;
        }

        [HttpGet]
        [EnableCors("AllowOrigin")]
        public async Task<IActionResult> Get()
        {
            try
            {
                var customers = await _customersRepository.GetAllCustomers();
                if (customers == null)
                {
                    return NotFound();
                }

                return Ok(customers);
            }
            catch
            {
                return BadRequest();
            }
        }
}

startup.cs

 public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);


            services.AddSwaggerGen(c =>
            {

            });


            services.AddDbContext<NorthwindContext>(item => item.UseSqlServer(Configuration.GetConnectionString("NorthwindDBConnection")));
            services.AddCors(c =>
        {
            c.AddPolicy("AllowOrigin", options => options.WithOrigins("http://localhost:4200"));
        });

            var mappingConfig = new MapperConfiguration(mc =>
            {
                mc.AddProfile(new MappingProfile());
            });

            IMapper mapper = mappingConfig.CreateMapper();
            services.AddSingleton(mapper);



            services.AddScoped<ICustomerRepository, CustomerRepository>();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }
               app.UseCors(options => options.WithOrigins("http://localhost:4200"));
            app.UseCors("MyPolicy");
            app.UseHttpsRedirection();
            app.UseSwagger();
            app.UseSwaggerUI(c => { c.SwaggerEndpoint("/swagger/v1/swagger.json", "API name"); });
            app.UseMvc();
        }

Updated startup file

public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);


            services.AddSwaggerGen(c =>
            {

            });


            services.AddDbContext<NorthwindContext>(item => item.UseSqlServer(Configuration.GetConnectionString("NorthwindDBConnection")));

            services.AddCors(options =>
            {
                options.AddPolicy("AllowOrigin",
                builder =>
                {
                    builder.WithOrigins("http://localhost:4200/")
                                        .AllowAnyHeader()
                                        .AllowAnyMethod();
                                      //  .AllowCredentials();
                });
            });

            var mappingConfig = new MapperConfiguration(mc =>
            {
                mc.AddProfile(new MappingProfile());
            });

            IMapper mapper = mappingConfig.CreateMapper();
            services.AddSingleton(mapper);



            services.AddScoped<ICustomerRepository, CustomerRepository>();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            app.UseOptions();

            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }
            app.UseCors("AllowOrigin");

            app.UseHttpsRedirection();
            app.UseSwagger();
            app.UseSwaggerUI(c => { c.SwaggerEndpoint("/swagger/v1/swagger.json", "API name"); });
            app.UseMvc();
        }
    }

It's definitely not `http://4200:locahost/`, I think you mean `http://locahost:4200/`? — msanford, Aug 19 '19 at 22:54
As a side-note, the two-layer service, and returning a service that pipes to tap to an error handler, or pipe -> map -> return response is _very_ strange. I mean, I don't even see a `.subscribe()`... Is it an async pipe in your template? My 0,02$ I'd just keep it simple: https://angular.io/guide/http — msanford, Aug 20 '19 at 02:15
The two lines on `Configure()` method are redundant: `app.UseCors(options => options.WithOrigins("http://localhost:4200"));` and `app.UseCors("MyPolicy");` Just configure the services like @XingZou answer and you are good to go. — Ali Doustkani, Aug 20 '19 at 02:29
Definitely a CORS configuration missing/invalid in your webApi — XardasLord, Aug 20 '19 at 06:02
Unable to understand as I have done the necessary changes suggested. Even added the middleware — Tom, Aug 20 '19 at 06:05

score 1 · Accepted Answer · answered Aug 20 '19 at 02:09

1

Try to configure your CORS policy like:

services.AddCors(options =>
{
    options.AddPolicy("AllowOrigin",
    builder =>
    {
        builder.WithOrigins("http://localhost:4200")
                            .AllowAnyHeader()
                            .AllowAnyMethod()
                            .AllowCredentials();
    });
});

answered Aug 20 '19 at 02:09

Ryan

19,118
10
37
53

@Tom How about trying to integrate with this solution:https://stackoverflow.com/a/42199758/10158551 And remove the extra `app.UseCors(options => options.WithOrigins("http://localhost:4200"));` in your configure method and use `app.UseCors("AllowOrigin");` instead of `app.UseCors("MyPolicy");` – Ryan Aug 20 '19 at 05:08
I added that middleware and made the change you suggested. The big improvement is that it is hitting the api controller method now but ultimately fails with following response to the client Access to XMLHttpRequest at 'http://localhost:56676/api/customers/' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. – Tom Aug 20 '19 at 05:22
@Tom It is strange.It seems there is still CORS problem...Do you need Credentials?if no,could you try to remove AllowCredentials() and try again?What is `httpPostOptions` in your service?It seems that you are calling `GET` method?You could show us that in your original code? – Ryan Aug 20 '19 at 05:37
const httpPostOptions = { headers: new HttpHeaders( { 'Content-Type': 'application/json; charset=utf-8', }), withCredentials: true, } – Tom Aug 20 '19 at 06:00
@Tom I reproduce the problem from your edited code, you need to remove `"/"` at the end of url,so use `builder.WithOrigins("http://localhost:4200")` instead of `builder.WithOrigins("http://localhost:4200/")`,also add the `AllowCredentials()` – Ryan Aug 20 '19 at 06:50

score 0 · Answer 2 · answered Aug 19 '19 at 23:12

0

I think you're getting an CORS error: for development you can:

Fix it in your API (to accept your host/ip address)
Use a CORS plugin

Check this

answered Aug 19 '19 at 23:12

hestellezg

3,309
3
33
37

The article says add add_header 'Access-Control-Allow-Origin' 'http://localhost:4200' always; . I didnt get where to add – Tom Aug 19 '19 at 23:16

Unable to access the webapi from angular 8 application

2 Answers2

Linked