hi
Do I need to enable cors on OpenIddict separately? because I thought adding the following codes will handle the cors but as soon as Chrome want to send an options request, my app returns 400!
services.AddCors();
and
app.UseCors(builder =>
builder.AllowAnyHeader()
.AllowAnyMethod()
.AllowAnyOrigin()
);
I dont know If i need to add something else or not!
the configuration of openiddict is exactly as same as what I read from the wiki section if this project on github. and the project specifications are mentioned below
ASP.net Core v1.1
Client side : SPA Angularjs App using JWT Token
any help ?
Here is the configuration of openIdDict , it may help
public void ConfigureServices(IServiceCollection services)
{
services.Configure<ApplicationSettings>(x => Configuration.GetSection("AppSettings").Bind(x));
services.AddDbContext<AroosiDbContext>(options =>
{
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"), b => b.MigrationsAssembly("Aroosi.Api"));
options.UseOpenIddict();
});
services.AddIdentity<User, IdentityRole>()
.AddEntityFrameworkStores<AroosiDbContext>()
.AddDefaultTokenProviders();
// services.Configure<IdentityOptions>(options =>
// {
// options.ClaimsIdentity.UserNameClaimType = OpenIdConnectConstants.Claims.Name;
// options.ClaimsIdentity.UserIdClaimType = OpenIdConnectConstants.Claims.Subject;
// options.ClaimsIdentity.RoleClaimType = OpenIdConnectConstants.Claims.Role;
// });
// Register the OpenIddict services.
services.AddOpenIddict(options =>
{
options.AddEntityFrameworkCoreStores<AroosiDbContext>();
options.AddMvcBinders();
options.EnableAuthorizationEndpoint("/connect/authorize")
.EnableTokenEndpoint("/connect/token");
options.AllowPasswordFlow();
options.DisableHttpsRequirement();
options.UseJsonWebTokens();
options.AddEphemeralSigningKey();
});
services.AddMvcCore().AddJsonFormatters().AddJsonOptions(opts =>
{
opts.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
});
services.AddCors();
}
public async void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, SeedData SeedData, UserManager<User> _userManager)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
app.UseIdentity();
app.UseOAuthValidation();
app.UseOpenIddict();
app.UseMvc();
app.UseCors(builder =>
builder.AllowAnyHeader()
.AllowAnyMethod()
.AllowAnyOrigin()
);
//InitializeAsync(app.ApplicationServices, CancellationToken.None).GetAwaiter().GetResult();
//app.UseMvcWithDefaultRoute();
}
Do I need to enable cors on OpenIddict separately?
You do.
Here is the configuration of openIdDict , it may help
You must register the CORS middleware before OpenIddict.
Don't forget to update your CORS policy to use specific origins (AllowAnyOrigin is not safe).
WOW thanks a lot, by registering the Cors before OpenIddict the problem solved really easy, thank you man. you saved my day
Glad it worked :smile:
Can I ask something else here ?! or I should create a new issue? now even if I don't send the JWT Bearer token in my request, the Authorize attribute won't deny it! (using postman) . Seems there is a logged in user already which allow the postman to fetch data from Authorize marked action without any token
@Foroughi do you use AddMvcCore()?
@PinpointTownes sorry for late responding , yes i used to which changing it to AddMVC fixed my issue
Most helpful comment
You do.
You must register the CORS middleware before OpenIddict.
Don't forget to update your CORS policy to use specific origins (
AllowAnyOriginis not safe).