Hi,
Does anyone have a Windows .Net Core API being accessed via Windows Authentication?
I have not been able to get this to work.
I have an .Net Core API hosted on my Windows 2022 server in IIS with Windows Authentication enabled. We have a on-premise Active Directory 2019 server doing the authentication.
If I go to the API URL in a browser, the Windows authentication window pops up, I enter my credentials, and I get the appropriate JSON data back.
I am now trying to access the API via a JavaScript fetch call from a page in our Intranet that also uses Windows Authentication (same server, different web site, same domain).
The fetch call listed below triggers a CORS preflight options request and response which succeeds.
fetch( user_url, {
method: 'GET',
mode: 'cors',
credentials: 'include',
dataType: 'json',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Negotiate',
'Access-Control-Request-Method': 'GET',
'Access-Control-Request-Headers': 'Content-Type, Authorization, WWW-Authenticate, additional-header',
},
} )
However the GET for the fetch fails with a "CORS Missing Allow Origin" error even though the pre-flight OPTIONS request succeeds and has the correct "access-control-allow-origin" header in it.
The API site has the IIS CORS Module enabled with an add origin with the URL of the server hosting the page doing the request and the Allowed Credentials="true" option set. The remaining options are set as in the documentation.
CORS settings in web.config for API site
<add origin="https://intranet.domaon" allowCredentials="true" maxAge="120" >
<add origin="https://intranet.domain" allowCredentials="true" maxAge="120" >
<allowHeaders allowAllRequestedHeaders="true">
<add header="header1" />
<add header="header2" />
</allowHeaders>
<allowMethods>
<add method="GET" />
</allowMethods>
<exposeHeaders>
<add header="header1" />
<add header="header2" />
</exposeHeaders>
</add>
```It seems to me that if the pre-flight OPTIONS request should work, the GET should work.
Has anyone gotten this scenario to work?
Thanks,
Charlotte