How do I call a protected web api from a angular application

Question

I followed this doc: asp.net core web api and this doc for the SPA

However, when trying to make a web api call from my angular application (with the [authorize] attribute set) I receive the following error message in the console log:

Access to XMLHttpRequest at 'http://localhost/api/getcustomer' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I'm able to successfully login to azure AD. However the Authorization header is missing from my api calls. I'm running the SPA in node/express. asp.net-core is backend.

I didn't create a separate app registration for the api. I did select, however to expose the api and created a scope.

401 is the status code: Not authorized.

score 0 · Answer 1 · answered Nov 12 '21 at 23:23

0

This error says that you must add a 'Access-Control-Allow-Origin' header to the HTTP response on the backend side.

For localhost, it would be Access-Control-Allow-Origin=http://localhost:4200.

Read about CORS for more information.

answered Nov 12 '21 at 23:23

JulienD

7,102
9
50
84

I edited orginal post to include 401 return code 'Not Authorized' Looks like thats a second item in console log. I think it's because the authorization header is not present in my api calls. How's MS's documentation says that angular & installed libraries will add it automatically. – lightbulb_1_110 Nov 13 '21 at 01:37

How do I call a protected web api from a angular application

1 Answers1