This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 59%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Dear Microsoft Community,
I am developing a Blazor front end.
Although in preflight response, those headers are included:
"
access-control-allow-headers: Origin,Content-Type
access-control-allow-methods: GET,HEAD,OPTIONS,PATCH,PUT,POST,DELETE
access-control-allow-origin: *
allow: POST
cache-control: no-cache
content-length: 76
content-type: application/json; charset=utf-8
date: Mon, 15 Nov 2021 16:30:35 GMT
expires: -1
pragma: no-cache
"
Here is back end
End Point
" // POST /api/users/login
[Route("login")]
[HttpPost]
public async Task<IHttpActionResult> Login([FromBody]AuthInfo loginRequest)
{
var userDbEntry = await Database.DatabaseManager.Instance.GetUserAsync(loginRequest.user);
var Message = new Dictionary<string, string>();
try
{
// Valid user
if (userDbEntry.NickName == loginRequest.user)
{
// Valid password
if (userDbEntry.Password == loginRequest.password)
{
// Authenticate the user
//authentication logic is here(hidden)
UserInfo userRecordInDatabase = await Database.DatabaseManager.Instance.GetUserAsync(userDbEntry.NickName);
Message.Add("hi","user")
return Json(Message);
}
else
{
//some logic
var unsuccessfulMessage = new Dictionary<string, string>();
unsuccessfulMessage.Add("something","something");
return Json(unsuccessfulMessage);
}
}
else
{
//some other logic
}
}
catch (Exception)
{
// catch exception here
}
}
//////
Global.asax.cs
namespace WebSite.Service
{
public class WebApiApplication : System.Web.HttpApplication
{
protected void Application_Start()
{
GlobalConfiguration.Configure(WebApiConfig.Register);
}
}
}
//////
WebApi.Config
namespace WebSite.Service
{
public static class WebApiConfig
{
public static void Register(HttpConfiguration config) {
// Web API configuration and services
config.MapHttpAttributeRoutes();
}
}
}
"
I got 405 status code and this error in console:
"Access to fetch at '[URL]' from origin 'http://localhost:2580' has been blocked by CORS policy:
Response to preflight request doesn't pass access control check: It does not have HTTP ok status."
From the above it becomes clear that the server allows cross-origin requests and methods, but still my request is blocked
Would you assist me!
Best Regards!
A 405 status is method not allowed. Most likely you are sending a POST to a URL not configured for POST. The CORS error is due to the error response is not CORS enabled. Unfortunately, we cannot see your code.
I successfully send post request to that url via postman. Have the same issue with vanila js-fetch api which i used before I decided to write the frontend with asp.net blazor where i use HttpClient.PostAsync method. I have a feeling the problem is in the server side.
This is my c# code in Blazor:
"public async Task<HttpResponseMessage> Login(User _user)
{
this.user = _user;
var jsonBody = new Dictionary<string, object>();
jsonBody.Add("user", user.uname);
jsonBody.Add("password", user.psw);
var uri = "https://api/login";
var content = new StringContent(JsonConvert.SerializeObject(jsonBody), Encoding.UTF8, "application/json");
var result = await httpClient.PostAsync(uri, content);
return result;
}
"
I have a feeling the problem is in the server side.
Your assessment does not make a lot of sense. If PostMan functions properly then the 405 issue is coming from your client code. The community needs both the client and the server code to figure out what's wrong. I question the use of a dictionary when the HttpClient support passing an model which is the recommend programming pattern found in the official docs.
Call a web API from ASP.NET Core Blazor
If you feel this is a CORS issue then share your server and client configuration.
Given your updated code., I believe the client call to "https://myAPI/login" does not match the actual API URL. Use the same URL you are using in PostMan.
I am deeply sorry about that mismatch. It was a typo I made in example and I fixed now. The URL I am using in postman is the same. This is not the issue.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
most likely the 405 CORS comes from the server throwing an error. the error page does not support CORS. be sure you are correctly logging error, and check your log.