Request (using authorization in header) to asp.net core API from Angular 4 not working -


i struggling make requests using bearer token angular (4) asp net core api.

here how doing angular:

enter image description here

my api startup.cs code:

public void configureservices(iservicecollection services) {   services.addmvc();   services.addauthentication();    services.addcors(options =>   {     options.addpolicy("corspolicy",         builder => builder.allowanyorigin()         .allowanymethod()         .withheaders("authorization", "accept", "content-type", "origin"));   });    // add configuration singleton here   services.addsingleton<iconfiguration>(configuration);  }  public void configure(iapplicationbuilder app, ihostingenvironment env, iloggerfactory loggerfactory) {   app.usecors("corspolicy");   app.useoptions();   app.use(async (context, next) =>   {     await next();     if (context.response.statuscode == 404 &&        !path.hasextension(context.request.path.value) &&        !context.request.path.value.startswith("/api/"))     {       context.request.path = "/index.html";       await next();     }   });   app.useexceptionhandler(errorapp =>   {     errorapp.run(async context =>     {       context.response.statuscode = 500; // or status accordingly exception type       context.response.contenttype = "application/json";        var error = context.features.get<iexceptionhandlerfeature>();       if (error != null)       {         var ex = error.error;          await context.response.writeasync(ex.message, encoding.utf8);       }     });   });    var jwtauth = new jwtbeareroptions   {     automaticauthenticate = true,     automaticchallenge = true,     authority = $"{configuration["authentication:azuread:aadinstance"]}{configuration["authentication:azuread:tenantid"]}",     audience = configuration["authentication:azuread:clientid"],     tokenvalidationparameters =             new microsoft.identitymodel.tokens.tokenvalidationparameters             {               validissuer = configuration["authentication:azuread:issuer"]             }   };   app.usejwtbearerauthentication(jwtauth);     app.usemvcwithdefaultroute();   app.usedefaultfiles();   app.usestaticfiles(); }

but keep getting unauthorized error!

enter image description here
enter image description here

i have tried many solutions i've read online, here on stackoverflow (.net core usecors() not add headers, enable options header cors on .net core web api , how disable options request?), couldn't wort! :( when make request using postman, work.

ok ok .. terrible mistake.. can't believe spent hours trying figure out! problem between computer screen , chair.. adding headers authorization in wrong angular service!!!


Comments

Post a Comment

Popular posts from this blog

Is there a better way to structure post methods in Class Based Views -

i'm using class based views in django , never specify url in ajax calls , omit action parameter in form because know these requests go through post method of class based view. notice view - profile page make many requests depending on user updating on page - post method become convoluted , if/else mess example: def post(self, request, *args, **kwargs): # handle user changing available date if request.post.get('availabledate') != none: self.updateavailabledate(request) return jsonresponse({'result':'success'}) if request.post.get('newprojectname') != none: creative_user = creativeuserprofile.objects.get(id = request.user.id) project = project.create_project(creative_user, request.post['newprojectname']) project.save() return jsonresponse({'projectid': project.id }) if request.post.get('projectimage') != none , request.files['file']: proj...
Read more

performance - Why is XCHG reg, reg a 3 micro-op instruction on modern Intel architectures? -

i'm doing micro-optimization on performance critical part of code , came across sequence of instructions (in at&t syntax): add %rax, %rbx mov %rdx, %rax mov %rbx, %rdx i thought had use case xchg allow me shave instruction , write: add %rbx, %rax xchg %rax, %rdx however, dimay found agner fog's instruction tables , xchg 3 micro-op instruction 2 cycle latency on sandy bridge, ivy bridge, broadwell, haswell , skylake. 3 whole micro-ops , 2 cycles of latency! 3 micro-ops throws off 4-1-1-1 cadence , 2 cycle latency makes worse original in best case since last 2 instructions in original might execute in parallel. now... cpu might breaking instruction micro-ops equivalent to: mov %rax, %tmp mov %rdx, %rax mov %tmp, %rdx where tmp anonymous internal register , suppose last 2 micro-ops run in parallel latency 2 cycles. given register renaming occurs on these micro-architectures, though, doesn't make sense me done way. why wouldn't register renamer ...
Read more

c# - Asp.net web api : redirect unauthorized requst to forbidden page -

im trying redirect unauthorized request forbidden page instead i'm getting forbidden page in response body , how can fix ? here's startup class : app.createperowincontext(storecontext.create); app.createperowincontext<applicationusermanager>(applicationusermanager.create); app.createperowincontext<applicationsigninmanager>(applicationsigninmanager.create); app.usecookieauthentication(new cookieauthenticationoptions { authenticationtype = defaultauthenticationtypes.applicationcookie, expiretimespan = timespan.fromdays(30), }); app.useexternalsignincookie(defaultauthenticationtypes.externalcookie); app.usetwofactorsignincookie(defaultauthenticationtypes.twofactorcookie, timespan.fromminutes(5)); app.usetwofactorrememberbrowsercookie(defaultauthenticationtypes.twofactorrememberbrowsercookie); the method im trying reach : [httpget] [authorize(roles = "admin")] public string getcurrentusername() { return userman...
Read more