CORS in ASP.Net MVC with SignalR causes "Access-Control-Allow-Origin" error

Question

I use SignalR (v2.4.0) in an ASP.NET MVC project with Angular 8 and encounter "Access to XMLHttpRequest at 'https:/demo.com/signalr/negotiate?clientProtocol=2.1&connectionData=' from origin 'http://localhost:20700' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource." error while debugging (also similar error in PROD stage). I have tried to apply fixes on Setting Access-Control-Allow-Origin in ASP.Net MVC - simplest possible method, but most of them not worked or not a global fix. Instead of applying Controller stage, I would prefer a fix globally in Global.asax or Startup.cs (I also tried web.config fixes, but never worked). So, is there any global fix for this problem?

Update: Here is my configuration to fix the problem:

Startup.cs:

using Microsoft.Extensions.DependencyInjection;
using Microsoft.Owin;
using Owin;

[assembly: OwinStartup(typeof(Demo.Web.UI.App_Start.Startup))]
namespace Demo.Web.UI.App_Start
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.MapSignalR();
        }
    }
}

web.config:

<system.webServer>

    <httpProtocol>
        <customHeaders>
            <add name="Access-Control-Allow-Origin" value="http://localhost:20700"/>
            <add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS"/>
            <add name="Access-Control-Allow-Headers" value="Content-Type"/>
        </customHeaders>
    </httpProtocol>    

</system.webServer>

Rob · Answer 1 · 2019-09-24T12:18:48.310

1

To work for me I had this in my startup.cs...

In "ConfigureServices" method:

services.AddCors(options => {
         options.AddDefaultPolicy(builder => {
             builder.WithOrigins("https://www.websitename.com").AllowAnyHeader().AllowAnyMethod();
         });
});

In the "Configure" method I had this:

app.UseCors(builder => {
    builder.WithOrigins("https://www.websitename.com").AllowAnyHeader().AllowAnyMethod();
});

Then in my controller I had this attribute:

[EnableCors]
[Route("api/[controller]")]
[ApiController]
public class SampleController : ControllerBase
{
  ...
}

Does that help?

edited Sep 24 '19 at 12:18

answered Sep 24 '19 at 12:06

Rob

6,819
17
71
131

1

Thanks for your help. BUT, I use ASP.NET MVC and there is no `AddCors` method. Could you please post whole Startup.cs with using libraries? Additionally, I would prefer a global fix instead of adding `[EnableCors("AllowOrigin")]` notation to each Controller. Any idea? – Sep 24 '19 at 12:12
2

You can add the CORS settings in web.config. That's usually how I get it done. https://gist.github.com/Jalalhejazi/5653347 – Svend Sep 24 '19 at 12:12
Modified code above to make it default global policy instead of specifically named policy – Rob Sep 24 '19 at 12:19
@Svend I had already tried as indicated on Setting Access-Control-Allow-Origin in ASP.Net MVC - simplest possible method issue. But I get *"The requested page cannot be accessed because the related configuration data for the page is invalid."* error and then remove Access-Control-Allow-Methods line. But in this case still encounter "Access to XMLHttpRequest at 'https:/demo.com/signalr/negotiate?clientProtocol=2.1&connectionData=' from origin 'http://localhost:20700' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource." error. Any idea? – Sep 24 '19 at 12:57
@RobMcCabe But ASP.NET MVC and there is no AddCors method. Any idea? – Sep 24 '19 at 12:58
1

@RobMcCabe I added an Update. – Sep 24 '19 at 14:59
Awesome! Thanks for sharing – Rob Sep 24 '19 at 15:03
@RobMcCabe Any help please? The problem still persists although I have tried many different approach :( – Sep 25 '19 at 09:55
Sorry I've only implemented this in ASP.net Core - it should be straight forward enough. This article seems to offer some help for your version of .net Framework ASP.net: https://learn.microsoft.com/en-us/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api – Rob Sep 25 '19 at 09:58
@hexadecimal If you're seeing that msg you have something funky on the IIS server (probably). Did you google what that error msg lead to? For instance: https://stackoverflow.com/questions/9216158/the-requested-page-cannot-be-accessed-because-the-related-configuration-data-for – Svend Sep 25 '19 at 11:12

Kiril1512 · Answer 2 · 2019-09-25T16:21:42.950

1

On your startup.cs:

using Microsoft.Owin.Cors;
using Microsoft.AspNet.SignalR;

...

//Branch the pipeline for requests that start with "/signalr"
app.Map("/signalr", map =>
{
    map.UseCors(CorsOptions.AllowAll);
    var hubConfiguration = new HubConfiguration { };
    hubConfiguration.EnableDetailedErrors = true;
    map.RunSignalR(hubConfiguration);
});

edited Sep 25 '19 at 16:21

answered Sep 25 '19 at 16:02

Kiril1512

3,231
3
16
41

score 0 · Answer 3 · answered Nov 25 '20 at 09:19

0

on Your web.config file change add name="Access-Control-Allow-Origin" value="http://localhost:20700" to add name="Access-Control-Allow-Origin" value="*"

answered Nov 25 '20 at 09:19

mohammad safaee

1
3

CORS in ASP.Net MVC with SignalR causes "Access-Control-Allow-Origin" error

3 Answers3