c# - Aurelia Windows Authentication - Post 401 Unauthorized -


i'm totally stuck on implementing windows authentication 1 of .net core apps uses aurelia client side.

the aurelia application hosted on port:9000 , .net webapi hosted on port:9001.

the idea serve static pages .net app once app published in development use port:9000 because of browsersync provided aurelia.

when use port:9000 it's fine , dandy , have no issues posting or getting.

if switch port:9001 can still not post. posting results in 401 unauthorized.

if @ headers port:9000 requests..

get(success):

enter image description here

post(failed):

enter image description here

you can see there multiple headers missing in post reasons, importantly authentication cookie..

base-repo.js

import {inject} 'aurelia-framework'; import {httpclient, json} 'aurelia-fetch-client'; import {appsettings} '../infrastructure/app-settings';  @inject(httpclient, appsettings)  export class baserepo {     constructor(http, appsettings) {         http.configure(config => {             config                 .withdefaults({                     credentials: 'include',                     headers: {                         'accept': 'application/json'                     }                 })                 .withinterceptor({                     request(request) {                         console.log(`requesting ${request.method} ${request.url}`);                         return request;                     },                     response(response) {                         console.log(`received ${response.status} ${response.url}`);                         return response;                     }                 })         });          this.http = http;         this.baseurl = appsettings.api;     }      get(url) {         console.log('baserepo(get): ' + url);         return this.http.fetch(this.baseurl + url)             .then(response => { return response.json(); })             .then(data => { return data; });     }      post(url, data) {         console.log('baserepo(post): ' + url, data);         return this.http.fetch(this.baseurl + url, {             method: 'post',             body: json(data)         })             .then(response => response.json())             .then(data => { return data; });     } }

why working not post when using browsersync port?

edit 1

post(success) port:9001:

enter image description here

edit 2 console message post error:

options http://localhost:9001/api/myurls 401 (unauthorized)

fetch api cannot load http://localhost:9001/api/myurls. response preflight request doesn't pass access control check: no 'access-control-allow-origin' header present on requested resource. origin 'http://localhost:9000' therefore not allowed access. response had http status code 401. if opaque response serves needs, set request's mode 'no-cors' fetch resource cors disabled.

edit 3

startup.cs

public class startup     {         public startup(ihostingenvironment env)         {             var builder = new configurationbuilder()                 .setbasepath(env.contentrootpath)                 .addjsonfile("appsettings.json", optional: false, reloadonchange: true)                 .addjsonfile($"appsettings.{env.environmentname}.json", optional: true)                 .addenvironmentvariables();             configuration = builder.build();              env.configurenlog("nlog.config");         }          public iconfigurationroot configuration { get; }          public void configureservices(iservicecollection services)         {             services.addcors(options =>             {                 options.addpolicy("corspolicy",                     builder => builder.allowanyorigin()                         .allowanymethod()                         .allowanyheader()                         .allowcredentials());             });              services.addmemorycache();             services.addmvc();              services.injectwebservices();              services.addoptions();              //call in case need aspnet-user-authtype/aspnet-user-identity             services.addsingleton<ihttpcontextaccessor, httpcontextaccessor>();              services.addsingleton<iconfiguration>(configuration);         }          public void configure(iapplicationbuilder app, ihostingenvironment env, iloggerfactory loggerfactory)         {             app.usecors("corspolicy");              loggerfactory.addconsole(configuration.getsection("logging"));              loggerfactory.adddebug();              app.usemvc();              app.usedefaultfiles();              app.usestaticfiles();              //add nlog asp.net core             loggerfactory.addnlog();              //add nlog.web             app.addnlogweb();         }     }

you need enable cors in asp.net core project. there's information on how here: https://docs.microsoft.com/en-us/aspnet/core/security/cors.

when you're using port 9000, you're on different origin api, 9001, you're on same origin , therefore cors not apply.

the options requests known "preflighting". there's more information on here: https://developer.mozilla.org/en-us/docs/web/http/access_control_cors#preflighted_requests.


Comments

Post a Comment

Popular posts from this blog

android - InAppBilling registering BroadcastReceiver in AndroidManifest -

i'm implementing inapp billing in android app. works well, however, i'm trying decouple broadcast receiver activity manifest. suggestion in android's trivialdrive sample: // important: dynamically register broadcast messages updated purchases. // register receiver here instead of <receiver> in manifest // because call getpurchases() @ startup, therefore can ignore // broadcasts sent while app isn't running. // note: registering listener in activity bad idea, done here // because sample. regardless, receiver must registered after // iabhelper setup, before first call getpurchases(). currently there's class extends broadcastreceiver : public class iabbroadcastreceiver extends broadcastreceiver { /** * intent action receiver should filter for. */ public static final string action = "com.android.vending.billing.purchases_updated"; private final iabbroadcastlistener mlistener; public iabbroadcastreceiver(iabbroadcastlistener listener) { m...
Read more

python Tkinter Capturing keyboard events save as one single string -

is possible store keyboard events 1 string? code below stores 1 char , prints it. card reader or bar code reader, contains collection of character/ string not 1 character @ time. goal save char pressed text variable. from tkinter import * root = tk() def key(event): text= event.char text+= event.char print ("pressed", text) def callback(event): frame.focus_set() print ("clicked at", event.x, event.y) frame = frame(root, width=100, height=100) frame.bind("<key>", key) frame.bind("<button-1>", callback) frame.pack() root.mainloop() currently, creating text variable , everytime key() function gets called, , text stores last character typed. you can define text module level variable , , use module level text inside key function - text = '' def key(event): global text text+= event.char print("pressed", text)
Read more

sql server - Why does Linq-to-SQL add unnecessary COUNT()? -

here tables: create table customer ( cid int primary key, name varchar(32) ) create table ord ( oid int primary key, cid int foreign key references customer, address varchar(20) ) here's linq-to-sql statement: var aaa = c in db.customer select new { c, o = c.ord.tolist() }; and here's inexplicable query generated linq-to-sql: select [t0].[cid] [cid], [t0].[name] [name], [t1].[oid] [oid], [t1].[cid] [cid2], [t1].[address] [address], (select count(*) [dbo].[ord] [t2] [t2].[cid] = [t0].[cid]) [value] [dbo].[customer] [t0] left outer join [dbo].[ord] [t1] on [t1].[cid] = [t0].[cid] order [t0].[cid], [t1].[oid] i want understand how rid of count(*) part. it's entirely uncalled for! linq needs count(*) in order determine number of entries returned o = c.ord.tolist() .
Read more