问题
I have enabled CORS in my ASP.NET/Angular application by using AddCors and EnableCors in controllers. My application is communicating with AD B2C pages. After build I have this error in the console :
Access to XMLHttpRequest at 'https://XXX.b2clogin.com/ (redirected from 'https://XXX.azurewebsites.net/User/Info') from origin 'https://XXX.azurewebsites.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Startup.cs :
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
});
Controller :
[EnableCors("CorsPolicy")]
[Authorize]
public class UserEditController : Controller
I have enabled CORS on Azure too by putting : Allowed Origins - * .
UPDATE:
[Route("User/Info")]
[HttpGet]
public async Task<IActionResult> LoggedInUserInfo()
{
if (User.Identity.IsAuthenticated)
{
var user = ((ClaimsIdentity)User.Identity).FindFirst(ClaimTypes.NameIdentifier).Value;
var viewmodel = await userService.GetUserByObjectId(user);
return Json(new { loggedIn = "true", user = viewmodel });
}
return Json(new { loggedIn = "false" });
}
回答1:
It appears that you're attempting a cross-origin request from the https://xxx.azurewebsites.net/ domain to the https://xxx.b2clogin.com/ domain.
Currently the .b2clogin.com domain doesn't allow any cross-origin requests from any other domain.
来源:https://stackoverflow.com/questions/54562349/cors-problem-with-b2c-and-azure-app-service