I have angular 5 app and .net core 2.0 web api app hosted on azure as app services. Apps have two urls as below.
angularclient.azurewebsites.net
serviceapi.azurewebsites.net
The issue I am facing is angular app not receiving .AspNetCore.Antiforgery cookie that is sent by serviceapi. Http post request generated by angular app has "withCredentials: true" header. I have defined cors policy in service API as below.
app.UseCors(builder => builder.WithOrigins("angularclient.azurewebsites.net").AllowAnyMethod().AllowAnyHeader());
I have sent a request using POSTMAN and test if cookies are sent by the server. For the POSTMAN request cookies are receiving without any issue. When I host the apps in my test IIS server and check. On that environment application working fine. Help me to find a solution to this issue.