All geek questions in one place

What is Microsoft.Owin.Cors middleware when used with ASP.NET Web Api 2.0?

I have an ASP.NET Web Api 2.0 project with token authentication and all that is done mainly after this article:

Token-based authentication using ASP.NET Web API 2, Owin and Identity , a bit of technology

But I'm afraid to understand what exactly this line of code in my Startup.cs does:

app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);

This does not cause Web Api to add the Access-Control-Allow-Origin header to my API responses, in other words, it does not allow Cors in my Web Api (still trying to figure out how to do this, by the way), It doesn't even add it to the bearer token authentication server response. I must have this code for my OAuthAuthorizationServerProvider:

 public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

to enable Cors in marker provider endpoint responses.

So what is Microsoft.Owin.Cors middleware? Because everywhere I read about Web Api 2.0 and Cors this line of code

 app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);

:

+6
source share
1 answer

thanks for my tutorial.

This LOC app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll); used to enable CORS for the API itself (any controller inheriting from ApiController ).

But for the Authz server and /token endpoint, this does not affect, so I have to add context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" }); . This endpoint is not part of the API and is not inherited from the ApiController class.

Hope this answers your question.

+5
source

Source: https://habr.com/ru/post/978087/

More articles:


All Articles