6

I have a ASP.NET Core Server running on local IP https://192.168.188.31:44302 with Web API Enpoints. I can connect to said server with VS Code REST Client. Now I want to conenct to the Web API with Blazor WebAssembly running on https://192.168.188.31:5555.

My Blozor Code:

@page "/login"
@inject HttpClient Http

[ ... some "HTML"-Code ... ]

@code {
    private async Task Authenticate()
    {
        var loginModel = new LoginModel
        {
            Mail = "[email protected]",
            Password = "s3cr3T"
        };
        var requestMessage = new HttpRequestMessage()
        {
            Method = new HttpMethod("POST"),
            RequestUri = ClientB.Classes.Uris.AuthenticateUser(),
            Content =
                JsonContent.Create(loginModel)
        };

        var response = await Http.SendAsync(requestMessage);
        var responseStatusCode = response.StatusCode;

        var responseBody = await response.Content.ReadAsStringAsync();

        Console.WriteLine("responseBody: " + responseBody);
    }

    public async void LoginSubmit(EditContext editContext)
    {
        await Authenticate();
        Console.WriteLine("Debug: Valid Submit");
    }
}

When I now trigger LoginSubmit I get the following error-message in the developer console of Chrome and Firefox: login:1 Access to fetch at 'https://192.168.188.31:44302/user/authenticate' from origin 'https://192.168.188.31:5555' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

I'm new to web development and found that you have to enable CORS on the server-side ASP.NET Core project, so I extended startup.cs with

readonly string MyAllowSpecificOrigins = "_myAllowSpecificOrigins";

public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<UserDataContext, UserSqliteDataContext>();

services.AddCors(options =>
{
    options.AddPolicy(name: MyAllowSpecificOrigins,
        builder =>
        {
            builder.WithOrigins("https://192.168.188.31:44302",
                "https://192.168.188.31:5555",
                "https://localhost:44302", 
                "https://localhost:5555")
            .AllowAnyHeader()
            .AllowAnyMethod();
        });
});

services.AddControllers();
services.AddApiVersioning(x =>
{
...
});

services.AddAuthentication(x =>
    ...
});
services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies());

services.AddScoped<IViewerService, ViewerService>();
}

public void Configure(IApplicationBuilder app,
    IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    Program.IsDevelopment = env.IsDevelopment();

    app.UseHttpsRedirection();
    app.UseRouting();

    app.UseAuthentication();
    app.UseAuthorization();
    app.UseCors(MyAllowSpecificOrigins);

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllers();
    });

    Log.Initialize();
}

But I still get above error message. Am I doing something wrong with configuring CORS? Why is it working as expected with the VS Code REST Client and how am I making the call wrong in the Blazor WASM application?

Improve this question
7
  • You are configuring CORS on the server, right? It's not clear form the code.
    – Henk Holterman
    Commented Jul 12, 2020 at 20:17
  • yes the last code excerpt was from file startup.cs from my server-side ASP.NET Core project. Do I have to configure something else too (or more)?
    – user3079834
    Commented Jul 14, 2020 at 16:41
  • 1
    The Configure() method is sensitvie to the order of adding items, better post the full version.
    – Henk Holterman
    Commented Jul 14, 2020 at 17:08
  • 1
    In your with origin you have :55555 (5x5) in the error it states :5555 (4x5), is that just a typo?
    – CobyC
    Commented Jul 14, 2020 at 17:26
  • @CobyC you have a really good eye, the correct port is 5555 - I fixed it, but still the same error.
    – user3079834
    Commented Jul 14, 2020 at 18:00

2 Answers 2

Reset to default
6

Step 1: Please add following code in your WebAPI's Startup.cs to allow CORS with specific origins:

    services.AddCors(options =>
    {
        options.AddDefaultPolicy(builder =>
        builder.WithOrigins("https://localhost:44351")
        .AllowAnyHeader()
        .AllowAnyMethod());
    });

Step 2: Now change "https://localhost:44351" in above code with your blazor web assembly application's URL. Refer below screen shot:

enter image description here

Step 3: Now add app.UseCors() in your WebAPI's Configure method after app.UseRouting() and before app.UseRouting(). Please refer below screen shot:

enter image description here

I was also facing same issue and it solved my problem. Hope it will also work for you.

Note: No changes required in Blazor web assembly code to fix the above issue.

Improve this answer
3
  • 1
    I missed the "with your blazor web assembly application's URL" at first. which is a different port number of course. Once I put the address of the calling blazor app it worked great.
    – Dick de Reus
    Commented Apr 22, 2021 at 20:30
  • @DickdeReus it is good to know that it worked for you. Thanks for your comment.
    – Brijesh Kumar Tripathi
    Commented Apr 23, 2021 at 3:38
  • 1
    thanks! these 2 calls also work in .NET 6.0 (in Program.cs)
    – symbiont
    Commented Dec 10, 2021 at 18:31
5

The issue causing the error message login:1 Access to fetch at 'https://192.168.188.31:44302/user/authenticate' from origin 'https://192.168.188.31:5555' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. was caused by HttpsRedirection.

To resolve the issue, either deactivate HttpsRedirection by removing the line app.UseHttpsRedirection(); in function Configure or add the proper ports for redirection in function ConfigureServices (recommended way).

In my case, I start my WebAPI at port 44302, so my solution looks like this (you have to adapt it to your port number):

if (Program.IsDevelopment)
{
    services.AddHttpsRedirection(options =>
    {
        options.RedirectStatusCode = StatusCodes.Status308PermanentRedirect;
        options.HttpsPort = 44302;
    });
}
else
{
    services.AddHttpsRedirection(options =>
    {
        options.RedirectStatusCode = StatusCodes.Status308PermanentRedirect;
        options.HttpsPort = 443;
    });
}

Also note that it is sufficient to add the IP address of the requesting API to CORS like this:

services.AddCors(options =>
{
    options.AddPolicy(name: specificOrigins,
        builder =>
        {
            builder.WithOrigins("https://192.168.188.31:5555",
                "http://192.168.188.31:5444")
            .AllowAnyHeader()
            .AllowAnyMethod();
        });
});
Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.