I followed the example SinglePageApp-DotNet and it worked fine.
Then I want to make the single page application to call a CORS enable web api. Both applications are secured by AAD and deployed to Azure websites, I can't make it work. I followed the examples of https://github.com/omercs/corsapisample and https://github.com/matvelloso/AngularJSCORS to every words, but I got 'Authorization has been denied for this request' error.
When I disabled the [Authorize] attribute for the controller action, it worked. So I think the CORS setting is correct. From the log I can see that the CORS preflight (OPTION call) was successful.
Any idea how to solve the problem? Thanks very much for your help.
If you see 401 response code from your CORS api endpoint, it means token is not accepted at your service. You need to match the audience in the token and audience in the cors api project config.
Enable for Oauth2 implicit:
By default, applications provisioned in Azure AD are not enabled to use the OAuth2 implicit grant. Using the Manage Manifest button at the app config inside Azure AD section, download the manifest file for the application and save it to disk. Open the manifest file with a text editor. Search for the oauth2AllowImplicitFlow property. You will find that it is set to false; change it to true and save the file. Using the Manage Manifest button, upload the updated manifest file. Save the configuration of the app.
You can use Fiddler to get the tokens and inspect them if there is any issues. If permission settings are right, CORS API endpoint will accept the token.
FYI. We now have an official sample demonstrating how to use CORS with ADAL JS and Angular. You can find code and detailed instructions in https://github.com/AzureADSamples/SinglePageApp-WebAPI-AngularJS-DotNet
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.