Thinktecture Identity Server Cors支持

Question

I'm currently stuck in a situation where by I have created a ASP Web API project and deployed in separately from my main MVC application, which uses the Thinktecture identity server for federated authentication.

The problem that i'm facing has to do with the web api cors support. More specifically, i authenticate my self in the mvc application but then when it sends requests to the web api i get the following error:

XMLHttpRequest cannot load XXX. The request was redirected to 'https://localhost/idsrv/issue/wsfed?wa=wsignin1.0&wtrealm=http%3a%2f%2floca…assive%2..., which is disallowed for cross-origin requests that require preflight. 

The error makes sense, because the request doesn't contain the Http headers that are needed by the WSFederationAuthenticatioModule to verify that i'm already logged on.

Is there any possible workaround that I'm not aware of?

Answer 1

As far as I see you have 3 issues here: 1. How to enable WIF authentication with the Web API.

For this you should use Thinktecture.IdentityModel.45 (or the one for MVC 5 - Thinktecture.IdentityModel) that exists as a NuGet package. See the sample here: Web Api security sample

1. After that you'll have to send the token in a security header in the Ajax request.
2. If your MVC site and your Web Api are not on the same domain then you'll have to handle CORS issues

For issues 2 & 3 see: Dog fooding our api authentication

This Should also give you a good idea of how to use the security token received in your MVC site to authenticate with your Web API.