Share via

angular Cors Response to preflight request

Tarek, Taher 90 Reputation points
2023-05-28T15:41:34.7+00:00

my system is angular client side and .net core backend. i'm trying to migrate the authentication process to azure AD to follow my corporate's SSO. after enabling Azure AD on client side using MSAL and on the backend following openID. from the client side i can login successfully and store the token in the local storage, even calling graph Api for some info retrieving and all of that is smooth. however I cant call my backend API from the angular cient as I always get

User's image

i spent a lot of time playing with the startup.cs cors policy and enabling any origin and any header with any method of specifying the certain domain but no luck so far i'm not able to bypass that error. i made sure of the order of app.usecors and app.usemvc. i checked and tried a lot of solutions but still no luck. is it issue from Azure AD? do i need to do something relating to cors on the angular client? please note the preflight part.

Developer technologies | ASP.NET | ASP.NET Core
Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments
Answer accepted by question author
  1. Bruce (SqlWork.com) 81,981 Reputation points Volunteer Moderator
    2023-05-28T15:53:19.45+00:00

    Your backend api call is redirecting to the azure html login page. Html pages do not support CORS.

    you should change you backend end api to return a 401 on authentication errors.

    as you are using msal, I assume you are passing a bearer token to your backend api. Did you define api permissions and scope for it. Did your login include this scope?

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.