Cannot make CORS work - .NET 4.7.2. Receiving CORS Missig Allow Origin

Question

There are many resources online describing how to configure CORS in a .net web application. I have not been able to make anything work.

Here is the current configuration of my API application:

Installed nuget Microsoft.AspNet.WebApi.Cors

updated WebApiConfig.cs:

public static void Register(HttpConfiguration config) {

     var cors = new EnableCorsAttribute(origins: "*", headers: "*", methods: "*");
     config.EnableCors(cors);
     config.MapHttpAttributeRoutes();

     config.Routes.MapHttpRoute(
         name: "DefaultApi",
         routeTemplate: "api/{controller}/{action}/{id}",
         defaults: new { action = RouteParameter.Optional, id = RouteParameter.Optional }
     );
 }

I thought the above would be enough to make CORS work for the entire application. It did not. I added the following to web.config:

<system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Allow-Headers" value="*" />
      </customHeaders>
    </httpProtocol>
    <handlers>
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <remove name="OPTIONSVerbHandler" />
      <remove name="TRACEVerbHandler" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
</system.webServer>

This did not work either.

I added the CORS decorator to each controller:

namespace ABC_API.Controllers
{
    [EnableCors(origins: "*", headers: "*", methods: "*")]
    public class ABCController : ApiController

This did not work either.

I am attempting to utilize Intuit's QuickBooks API and receive the following CORS Missing Allow Origin error when attempting to get authorized:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource 
at https://appcenter.intuit.com/connect/oauth2?client_id=ABkU7xzdcdsg1vSsKZ7NKZeypTST0EmnyvFhSNPMJM3NShYd5r&response_type
=code&scope=com.intuit.quickbooks.accounting&redirect_
uri=http%3A%2F%2Flocalhost%2FDW_QB_API%2Fapi%2Fauth&
state=e2543d40145e4eb30dbc4da099501d13aca48bc30b6529ad6af74acaae330581.
 (Reason: CORS header ‘Access-Control-Allow-Origin’ missing)

What am i missing?

Looks like QuickBooks is using OAuth 2.0. See following : https://learn.microsoft.com/en-us/advertising/shopping-content/code-example-authentication-oauth?force_isolation=true — jdweng, Aug 11 '21 at 12:18
Please check this! [WebApi Cors Request from origin has been blocked by CORS policy](https://stackoverflow.com/questions/68236912/angular-and-webapi-cors-request-from-origin-has-been-blocked-by-cors-policy/68237630#68237630) — Sheno Navy, Aug 11 '21 at 12:25

score 0 · Answer 1 · answered Aug 11 '21 at 12:22

configure a CORS policy at application startup in the ConfigureServices:

public void ConfigureServices(IServiceCollection services)
{
    services.AddCors(o => o.AddPolicy("MyPolicy", builder =>
    {
        builder.AllowAnyOrigin()
               .AllowAnyMethod()
               .AllowAnyHeader();
    }));
}

For every request:

public void Configure(IApplicationBuilder app)
{
    app.UseCors("MyPolicy");

    //app.UseMvc called last
    app.UseMvc();
}

or use [EnableCors("MyPolicy")] to apply the policy to controllers and actions.

I have a global.asax.cs file not a startup.cs (.net 4.7.2) – user2370664 Aug 11 '21 at 18:29 — user2370664, Aug 11 '21 at 18:29

Cannot make CORS work - .NET 4.7.2. Receiving CORS Missig Allow Origin

1 Answers1