I have an application with an Angular front end and a Asp.Net web service. I am using the HttpClient entity within Angular to make my web service calls.I have configured CORS and my GETs are working perfectly across the application using the following basic structure
let url = environment.base_url + 'api/SubDoc/GetDocument?docID=' + docID;
this.httpClient.get(url,
{
withCredentials: true
})
.subscribe(
response => {
console.log(response);
newData = response;
this.currentDocument = newData;
}
);
I have proven that CORS is working because I can hit the same service endpoint from my localhost session or from application sessions running on our QA and our Production servers as long as I edit the Origin values correctly in the my call to EnableCors
config.EnableCors(new EnableCorsAttribute(origins: "http://localhost:2453,http://localhost:2452,http://***,http://10.100.101.46", headers: headers, methods: methods) { SupportsCredentials = true });
headers and methods are defined as the following strings:
headers = "Origin, Content-Type, X-Auth-Token, content-type,application/x-www-form-urlencoded";
methods = "GET,PUT,POST,OPTIONS,DELETE";
However, I an unable to make a PUT request to the same service using the following HttpClient structure
let url = this.base_url + 'api/ContactGroup/Put';
// Try the new HttpClient object
this.httpClient.put(url, body,
{
headers: new HttpHeaders({ 'Content-Type': 'application/json' }),
withCredentials: true
})
.subscribe(
response=>{
let temp:number;
temp = parseInt(response.toString(),10);
if(!isNaN(temp)){
this.groupID = temp;
}
}
);
This PUT request runs perfectly when I connect from the same server (i.e. no CORS applicable) but fails with a preflight error when I attempt to connect from any other server.
Failed to load http://***/api/ContactGroup/Put: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:2452' is therefore not allowed access.
As I explained above I do have Access-Control-Allow-Origin headers defined and I believe I have included PUT and OPTIONS as supported methods.
I think the issue is related to the PUT request not sending the credentials. The GET requests have a credential item in the request header but the PUT does not even though I am using the withCredentials option.
This is what the headers look like for the PUT request:
Request URL: http://reitgc01/REITServicesQA/api/ContactGroup/Put
Request Method: OPTIONS
Status Code: 401 Unauthorized
Remote Address: 10.100.101.46:80
Referrer Policy: no-referrer-when-downgrade
Content-Type: text/html
Provisional headers are shown
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: PUT
DNT: 1
Origin: http://localhost:2452
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
I have now spent multiple days on this issue and any assistance would be greatly appreciated.