0

I have gone through several documentations at Enable Cross-Origin Requests and SO Answers here but I'm still not getting it right. Also followed Installed IIS CORS module

I have a .net core api 3.1 running on IIS at AWS EC2 Windows Server 2016 datacenter, with endpoint like https://6.13.21.111/api/user/authenticate. I have an angular 8 front end app running on AWS Amplify url like https://tests.d1nkxxfifp945dd.myapp.com Any time I make a request to the API I get the error below.

Access to XMLHttpRequest at 'https://6.13.21.111/api/user/authenticate' from origin 'https://tests.d1nkxxfifp945dd.myapp.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. zone.js:3372 POST https://6.13.21.111/api/users/authenticate net::ERR_FAILED

Also getting the same issue when I send request to endpoint from http://localhost:4200/ I have setup the following

Startup.cs

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    readonly string MyAllowSpecificOrigins = "_myAllowSpecificOrigins";

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddCors(options =>
        {
            options.AddPolicy(name: MyAllowSpecificOrigins,
                    builder =>
                    {
                        builder.AllowAnyOrigin()
                            .AllowAnyHeader()
                            .AllowAnyMethod();
                    });
        });

        services.AddControllers();
        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_3_0);
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseRouting();
        app.UseCors(MyAllowSpecificOrigins);
        app.UseAuthentication();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
        });
    }
}

User Controller 

[Route("api/[controller]")]
[EnableCors("MyAllowSpecificOrigins")]
[ApiController]
public class UsersController : ControllerBase
{

    private IUserService _userService;

    public UsersController(IUserService userService)
    {
        _userService = userService;

    }

    [HttpPost("authenticate")]
    public Task<ApiResponse> Authenticate([FromBody]UserRequest userRequest)
    {
        return _userService.Authenticate(userRequest);
    }

}
tmndungu
  • 320
  • 4
  • 17

1 Answers1

0

Try changing "AllowAnyOrigin"to withOrigin("your amazon angular url") and see whether it will resolve the problem.

coley02
  • 1
  • 1
  • I expect they will also have to specify that credentials should be allowed by calling AllowCredentials on the builder object. – Maritim Jun 06 '20 at 12:12