Windows Authentication and Angular 7 application
Solution 1
You also need to allow SupportsCredentials in cross-origin requests.
Server Side (Web API):
Set the SupportsCredentials property to true
on the [EnableCors]
attribute:
[EnableCors(origins: "http://exampleclient.com", headers: "*",
methods: "*", SupportsCredentials = true)]
Solution 2
The fact that everything works when you type in your credentials means that this is a client-side problem, not server-side. The browser is not automatically sending your credentials.
Chrome and IE will automatically send the credentials of the currently-logged-on user only if the site is in the list of Trusted Sites in Internet Options.
- Open the Start menu.
- Type in "Internet Options" and click on it.
- Click the 'Security' tab.
- Click on the 'Trusted Sites' icon.
- Click the 'Sites' button.
- Add the domain for your website to the list. You can use wildcards.
This can also be set via group policy, so the setting can be pushed to every computer in your organization. See the answer here.
Firefox uses its own setting: network.negotiate-auth.delegation-uris
. I'm sure that could be set via group policy somehow too.
Related videos on Youtube
Narmina Seyidzade
Updated on June 04, 2022Comments
-
Narmina Seyidzade almost 2 years
I have developed intranet application
Backend: ASP.NET WEB API-2 (All controllers have Authorize attribute), Frontend: Angular 7 (after prod build I moved generated scripts to my backend project):
.... <app-root> <div id="preloader"></div> </app-root> <script type="text/javascript" src="~/Scripts/SPA/runtime.26209474bfa8dc87a77c.js"></script> <script type="text/javascript" src="~/Scripts/SPA/es2015-polyfills.bda95d5896422d031328.js" nomodule></script> <script type="text/javascript" src="~/Scripts/SPA/polyfills.8bbb231b43165d65d357.js"></script> <script type="text/javascript" src="~/Scripts/SPA/main.122a2bd84f391ab8df1d.js"></script> </body>
The problem is am getting prompted to enter my username/password after deployment to server.If user enters credentials it works perfectly, but I want the application to grab logged user automaticaly.
this is my web.config
<authentication mode="Windows" /> <authorization> <deny users="?" /> </authorization>
this is my interceptor in angular
import { Injectable } from '@angular/core'; import { HttpInterceptor, HttpRequest, HttpHandler, HttpEvent } from '@angular/common/http'; import { Observable } from 'rxjs'; @Injectable() export class CredentialsInterceptor implements HttpInterceptor { intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> { request = request.clone({ withCredentials: true }); return next.handle(request); } }
in Visual Studio 2019 project settings
Anonymous Authentication:Enabled
Windows Authentication:Enabled
Managed Pipeline Mode: Integrated
Global.asax
protected void Application_BeginRequest(Object sender, EventArgs e) { //Preflight request comes with HttpMethod OPTIONS //The following line solves the error message //HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "http://localhost:4202"); HttpContext.Current.Response.AddHeader("Access-Control-Allow-Credentials", "true"); if (HttpContext.Current.Request.HttpMethod == "OPTIONS") { HttpContext.Current.Response.AddHeader("Cache-Control", "no-cache"); HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST"); HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept, Pragma, Cache-Control, Authorization"); HttpContext.Current.Response.End(); } }
-
Martin Johansson over 4 yearsHave you tried disabling "Anonymous Authentication"?
-
Narmina Seyidzade over 4 years@MartinJohansson, yes, didnt't work
-
Martin Johansson over 4 yearsOk, is your server IIS correctly setup with Enabled Intergrated security? This article might help. support.microsoft.com/sv-se/help/258063/…
-
-
Narmina Seyidzade over 4 yearsUnfortunately, didn't work. Still prompts for credentials