Identityserver4: ASP.NET Core CORS policy not working after integrating IdentityServer4

Created on 12 Nov 2017 · 10 Comments · Source: IdentityServer/IdentityServer4

After integrating IdentityServer4, CORS is not working, although it was working fine without IdentityServer4. Does it need further configuration?

Startup.cs

public void ConfigureServices(IServiceCollection services)
{
    services.AddCors(options =>
    {
        options.AddPolicy("AllowSpecificOrigin",
            builder => builder
                .WithOrigins("http://localhost:4200")
                .AllowAnyHeader()
                .AllowAnyMethod()
                .AllowCredentials()
            );
    });

    services.AddMvc();

    services.AddIdentityServer()
        .AddDeveloperSigningCredential()
        .AddInMemoryApiResources(Config.GetApiResources())
        .AddInMemoryClients(Config.GetClients());

    services.AddMvcCore()
        .AddApiExplorer()
        .AddAuthorization()
        .AddJsonFormatters();

    services.AddAuthentication("Bearer")
        .AddIdentityServerAuthentication(options =>
        {
            options.Authority = "http://localhost:5000";
            options.RequireHttpsMetadata = false;
            options.ApiName = "userInfo";
        });

    services.AddSingleton<IConfiguration>(Configuration);
    ...
}

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseCors("AllowSpecificOrigin");

    app.UseIdentityServer();

    app.UseMvcWithDefaultRoute();
}
All 10 comments

Debug the HTTP traces. Check the IdSvr logs.

It's working fine when calling via Postman.

Most dev tools (Postman) don't care about SOP (and hence obeying CORS headers) - so it will 'work' in Postman.

Your startup looks weird. You've got .AddMvc() and also .AddMvcCore(). I can't remember off the top of my head, but I think AddMvc adds an opinionated set of services (a default configuration). So one, or the other, is unnecessary.

I think that idsrv also sets CORS headers itself, based on allowed CORS origins in a per-client configuration.

Try reviewing your startup (remove explicit cors setup) and try with that.

Hope that helps!


Not really following your setup here? Is this to configure identity server as a standalone service, or are you trying to run identity server on top of an existing project?

What is running on port 5000 and what is on 4200? Is 5000 what this (identity server) is running on, and 4200 is some web application which needs to access this server (the one on 5000)?

@Mardoxx Yes I'm running IdentityServer on the same existing project which is on port 5000 and the angular app is running on port 4200.

All set on this issue -- can we close?

And.... was solved?

In Configure.cs, I changed the lines and it worked. I think it's a bug.

When it was:

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    app.UseIdentityServer();
    app.UseCors("default");

    app.UseAuthentication();
    app.UseMvc();
}

It gives me a 'CORS' error, but when I changed it to:

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseCors("default");
    app.UseIdentityServer();

    app.UseAuthentication();
    app.UseMvc();
}

It worked.

@brockallen

Yes, CORS config needs to come prior to any authentication middleware.

Thanks for feedback!

Works for me!
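
Why the order matters, and why Postman still "worked", shown as an added example that is not from the thread, ASP.NET Core or IdentityServer4: a simplified C# model of a middleware pipeline. `Ctx`, `Cors`, `Auth` and `Run` are illustrative names, and the auth step that rejects token-less requests without calling the next step is an assumption of the model.

```csharp
using System;
using System.Collections.Generic;

// Simplified model of an ordered middleware pipeline (not ASP.NET Core or IdentityServer4 code).
class Ctx
{
    public string Method, Origin, Authorization;   // request side
    public int Status;                             // response side
    public Dictionary<string, string> Headers = new Dictionary<string, string>();
    public override string ToString() =>
        "status " + Status + ", allow-origin header sent: " + Headers.ContainsKey("Access-Control-Allow-Origin");
}

delegate void Next();
delegate void Middleware(Ctx c, Next next);

static class PipelineOrderDemo
{
    const string SpaOrigin = "http://localhost:4200"; // allowed origin from the thread

    // CORS step: adds the header for the allowed origin and answers preflights itself.
    static void Cors(Ctx c, Next next)
    {
        if (c.Origin == SpaOrigin) c.Headers["Access-Control-Allow-Origin"] = c.Origin;
        if (c.Method == "OPTIONS" && c.Origin != null) c.Status = 204; else next();
    }

    // Hypothetical auth step: rejects a request without a token and never calls next.
    static void Auth(Ctx c, Next next) { if (c.Authorization == null) c.Status = 401; else next(); }

    // Runs steps in registration order; the innermost delegate stands in for the MVC endpoint.
    static Ctx Run(Ctx c, params Middleware[] steps)
    {
        Next next = () => c.Status = 200;
        for (int i = steps.Length - 1; i >= 0; i--)
        {
            Middleware step = steps[i];
            Next inner = next;
            next = () => step(c, inner);
        }
        next();
        return c;
    }

    static void Main()
    {
        // Constructed requests: a browser preflight has an Origin but no Authorization header.
        Func<Ctx> preflight = () => new Ctx { Method = "OPTIONS", Origin = SpaOrigin };
        Console.WriteLine("auth before CORS, preflight: " + Run(preflight(), Auth, Cors));
        Console.WriteLine("CORS before auth, preflight: " + Run(preflight(), Cors, Auth));
        // A non-browser client sends the request directly: token, no Origin, no preflight.
        var direct = new Ctx { Method = "GET", Authorization = "Bearer constructed" };
        Console.WriteLine("auth before CORS, direct GET: " + Run(direct, Auth, Cors));
    }
}
```

In the model, only the CORS-first ordering answers the preflight with the allow-origin header; the direct GET succeeds in either ordering because no browser is enforcing the same-origin policy on it.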
