1

I would like to use the windows credentials for domain users to access a C# REST Api. The web app is a very simple Angular 12 app that currently just needs to display the version of the REST Api. I have a endpoint called /api/version that looks like this:

    [AllowAnonymous]
    [HttpGet]
    public IActionResult Get()
    {
        Assembly assembly = Assembly.GetExecutingAssembly();
        FileVersionInfo fileVersionInfo = FileVersionInfo.GetVersionInfo(assembly.Location);

        var versionInfo = new[]
        {
            new
            {
                company = fileVersionInfo.CompanyName,
                product = fileVersionInfo.ProductName,
                version = fileVersionInfo.FileVersion
            }
        };

        return Ok(versionInfo);
    }

calling http://test:5050/api/version in the browser displays the version info without any problems. If I remove the [AllowAnonymous] I get prompted to logon (my PC is not in the domain) - when I do this all good. This is what I want - all good!

My problem is if I access the endpoint in Angular:

    getVersion(): void {
        this._httpService.getVersion('/api/version').subscribe(
            (data) => {
                this.homeForm.patchValue(data)
            },
            (err) => console.error(err),
            () => console.log('done loading getting version info')
        )
    }

the httpService is very simple:

 getVersion(url: string): Observable<any> {
           return this.http.get(url)
    }
}

I have a button in the HTML that calls getVersion() -> when I press it I get get prompted to logon... I don't really understand why?

I am using all the newest versions of everything -> Visual Studio 2022, Angular 12 (that's still new, right ), IIS 10

Ursus Schneider
  • 447
  • 1
  • 6
  • 22
  • Do you have any HTTP_INTERCEPTORS defined for HttpClient in Angular? I'm asking, because Common implementation for windows authentication will be to add `{withCredentials: true}` to request in interceptor. If so, this flag will be added to your request. – Quercus Jan 19 '22 at 14:07
  • Something similar here -https://stackoverflow.com/questions/57147812/windows-authentication-in-net-core-web-api-angular-application – MBB Jan 19 '22 at 14:12
  • @Quercus only contenttype ==> const httpOptions = {headers: new HttpHeaders({ 'Content-Type': 'application/json'})} – Ursus Schneider Jan 20 '22 at 15:05
  • If problem still persist, I would recommend you to install some traffic-capturing software (i.e. Fiddler), then run request directly from browser and from application and check in traffic inspector what is the difference between requests - what are headers and so on. – Quercus Jan 21 '22 at 13:01
  • sorry to have not gotten back earlier - life! The problem is still persisting @quercus -> I'll give that a try. Thank you – Ursus Schneider Mar 15 '22 at 12:43

0 Answers0