I'm having an issue getting past Microsoft.AspNetCore.Cors.Infrastructure.CorsService with an API call from Angular 12, I've tried both Mirosoft and IdentityServer4 examples to allow CORS - both are included in the Startup.cs here. The token is provided by IdentityServer.
When I start my identity server, this is what is logged:
info: IdentityServer4.Startup[0]
Starting IdentityServer4 version 3.1.2.0
info: IdentityServer4.Startup[0]
Using the default authentication scheme Identity.Application for IdentityServer
dbug: IdentityServer4.Startup[0]
Using Identity.Application as default ASP.NET Core scheme for authentication
dbug: IdentityServer4.Startup[0]
Using Identity.External as default ASP.NET Core scheme for sign-in
dbug: IdentityServer4.Startup[0]
Using Identity.External as default ASP.NET Core scheme for sign-out
dbug: IdentityServer4.Startup[0]
Using Identity.Application as default ASP.NET Core scheme for challenge
dbug: IdentityServer4.Startup[0]
Using Identity.Application as default ASP.NET Core scheme for forbid
info: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0]
User profile is available. Using 'C:\Users\gerardhayden\AppData\Local\ASP.NET\DataProtection-Keys' as key repository and Windows DPAPI to encrypt keys at rest.
Hosting environment: Development
Content root path: C:\OneDrive\SBSB\projects\AngularInterface\AuthorizationServer
Now listening on: https:
Now listening on: http:
Application started. Press Ctrl+C to shut down.
Starting the API:
info: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0]
User profile is available. Using 'C:\Users\gerardhayden\AppData\Local\ASP.NET\DataProtection-Keys' as key repository and Windows DPAPI to encrypt keys at rest.
Hosting environment: Development
Content root path: C:\OneDrive\SBSB\projects\AngularInterface\Vendatic\LocalDataHandler
Now listening on: http:
Now listening on: https:
Application started. Press Ctrl+C to shut down.
Once I make an API Request from Angular 12, it fails CORS:
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
Request starting HTTP/2 GET https:
info: Microsoft.AspNetCore.Cors.Infrastructure.CorsService[5]
CORS policy execution failed.
info: Microsoft.AspNetCore.Cors.Infrastructure.CorsService[6]
Request origin http:
This is the Startup.cs of my identity server:
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using AuthorizationServer.Data;
using AuthorizationServer.Infrastructure.Logging;
using AuthorizationServer.Models;
using log4net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using Microsoft.EntityFrameworkCore;
using IdentityServer4.EntityFramework.Interfaces;
using IdentityServer4.EntityFramework.DbContexts;
using IdentityServer4.EntityFramework.Entities;
using AuthorizationServer.Infrastructure.Mail;
using IdentityServer4.Services;
namespace AuthorizationServer
{
public class Startup
{
public IConfiguration Configuration { get; }
public IHostingEnvironment Environment { get; }
public IConfiguration appSettingsConfiguration { get; }
public Startup(IConfiguration configuration, IHostingEnvironment environment)
{
Configuration = configuration;
Environment = environment;
}
public void ConfigureServices(IServiceCollection services)
{
var connectionString = Configuration.GetConnectionString("DefaultConnection");
var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
services.AddCors(options =>
{
options.AddDefaultPolicy(
builder =>
{
builder.WithOrigins("http://localhost:4200",
"https://localhost:4200");
});
});
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(connectionString));
services.AddTransient<IConfigMasterRepository, EFConfigMasterRepository>();
services.AddTransient<IPersonMasterRepository, EFPersonMasterRepository>();
services.AddTransient<IRoleMasterRepository, EFRoleMasterRepository>();
services.AddTransient<IUserRoleRepository, EFUserRoleRepository>();
services.AddSingleton<IConfiguration>(Configuration);
services.AddSingleton<ICorsPolicyService>((container) =>
{
var logger = container.GetRequiredService<ILogger<DefaultCorsPolicyService>>();
return new DefaultCorsPolicyService(logger)
{
AllowedOrigins = { "http://localhost:4200", "http://localhost:4101" }
};
});
services.AddIdentity<ApplicationUser, CRoleMasterLocal>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
services.AddTransient<IEmailSender, AuthMessageSender>();
services.Configure<AuthMessageSenderOptions>(Configuration);
services.Configure<IISServerOptions>(options =>
{
options.AutomaticAuthentication = false;
});
services.AddMvc(option => option.EnableEndpointRouting = false);
var builder = services.AddIdentityServer(options =>
{
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
})
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = b =>
b.UseSqlServer(connectionString,
sql => sql.MigrationsAssembly(migrationsAssembly));
})
.AddOperationalStore(options =>
{
options.ConfigureDbContext = b =>
b.UseSqlServer(connectionString,
sql => sql.MigrationsAssembly(migrationsAssembly));
options.EnableTokenCleanup = true;
})
.AddAspNetIdentity<ApplicationUser>()
.AddSigningCredential("CN=IdentityServerCN")
;
if (Environment.IsDevelopment())
{
builder.AddDeveloperSigningCredential();
}
else
{
throw new Exception("need to configure key material");
}
services.AddAuthentication()
.AddGoogle(options =>
{
options.ClientId = "copy client ID from Google here";
options.ClientSecret = "copy client secret from Google here";
});
}
public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory)
{
loggerFactory.AddLog4Net();
ILog logger = LogManager.GetLogger(typeof(Startup));
if (logger.IsInfoEnabled)
{
string logMessage = "Starting Authenticaion Server";
logger.Info(logMessage);
}
if (Environment.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
app.UseStaticFiles();
app.UseCors();
app.UseIdentityServer();
app.UseMvcWithDefaultRoute();
}
}
}
And here is the definition of the angular client:
new Client
{
ClientId = "MyAngularClient",
AllowAccessTokensViaBrowser = true,
RequireClientSecret = false,
AccessTokenLifetime = 900,
RedirectUris = { "http://localhost:4200/index.html" },
PostLogoutRedirectUris = { "http://localhost:4200/index.html" },
AllowedCorsOrigins = { "http://localhost:4200" },
AllowedScopes = {
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"API1",
"API2",
"API3"
},
AllowOfflineAccess = true,
RefreshTokenUsage = TokenUsage.OneTimeOnly,
AbsoluteRefreshTokenLifetime = 7200,
SlidingRefreshTokenLifetime = 900,
RefreshTokenExpiration = TokenExpiration.Sliding
}
This is the typescript that makes the request:
import { AuthService } from './auth.service';
import { Injectable } from '@angular/core';
import { HttpClient, HttpHeaders } from '@angular/common/http';
import { EnvironmentUrlService } from './environment-url.service';
import { from } from 'rxjs';
@Injectable({
providedIn: 'root'
})
export class RepositoryService {
constructor(private http: HttpClient, private envUrl: EnvironmentUrlService, private _authService: AuthService) { }
public getData = (route: string) => {
return this.http.get(this.createCompleteRoute(route, this.envUrl.urlAddress));
}
private createCompleteRoute = (route: string, envAddress: string) => {
return `${envAddress}/${route}`;
}
}
What I have tried:
I've applied CORS Policies from both IdentityServer formus and Microsoft - they are included in the Startup.CS posted above