CORS problem with B2C and Azure App Service

谁都会走 提交于 2021-02-09 11:01:28

问题


I have enabled CORS in my ASP.NET/Angular application by using AddCors and EnableCors in controllers. My application is communicating with AD B2C pages. After build I have this error in the console :

Access to XMLHttpRequest at 'https://XXX.b2clogin.com/ (redirected from 'https://XXX.azurewebsites.net/User/Info') from origin 'https://XXX.azurewebsites.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Startup.cs :

            services.AddCors(options =>
        {
            options.AddPolicy("CorsPolicy",
                builder => builder.AllowAnyOrigin()
                .AllowAnyMethod()
                .AllowAnyHeader()
                .AllowCredentials());
        });

Controller :

[EnableCors("CorsPolicy")]
[Authorize]
public class UserEditController : Controller

I have enabled CORS on Azure too by putting : Allowed Origins - * .

UPDATE:

[Route("User/Info")]
[HttpGet]
public async Task<IActionResult> LoggedInUserInfo()
{
    if (User.Identity.IsAuthenticated)
    {
        var user = ((ClaimsIdentity)User.Identity).FindFirst(ClaimTypes.NameIdentifier).Value;
        var viewmodel = await userService.GetUserByObjectId(user);
        return Json(new { loggedIn = "true", user = viewmodel });
    }
    return Json(new { loggedIn = "false" });
}

回答1:


It appears that you're attempting a cross-origin request from the https://xxx.azurewebsites.net/ domain to the https://xxx.b2clogin.com/ domain.

Currently the .b2clogin.com domain doesn't allow any cross-origin requests from any other domain.



来源:https://stackoverflow.com/questions/54562349/cors-problem-with-b2c-and-azure-app-service

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!