0

We have a REST API written ASPNET.CORE 6. We need to call this api from angular project, so some CORS ability is needed.

We successfully installed the CORS module to IIS from site https://www.iis.net/downloads/microsoft/iis-cors-module. The IIS is a v10.0.22000.708, runs on the developer computer.

The following config section is added to the REST API web.config:

<cors enabled="true" failUnlistedOrigins="true">
  <add origin="http://localhosts:4200" allowCredentials="true" />
  <add origin="http://localhost:4200" allowCredentials="true" maxAge="120" allowed="true">
    <allowMethods>
      <add method="DELETE" />
    </allowMethods>
  </add>
</cors>

The developer tried to start this REST API project on IIS Express on the very same developer computer (with the CORS module installed). It drops and error:

The requested page cannot be accessed because the related configuration data for the page is invalid.

If we remove the CORS section from web.config - it works again on IIS Express - but the angular cannot use the rest api because of the CORS problems.

The IIS Express is v10.0.25095.1000.

Is it possible to get the REST API works on IIS Express also, not just the local IIS? How to install the same CORS module to IIS Express directly?

It is very annoying, that the building process always hangs because the IIS locks the files in bin/debug folder... :(

Zoltan Hernyak
  • 989
  • 1
  • 14
  • 35

2 Answers2

1

There is nothing special. You just need the same CORS module on IIS Express, and I wrote about that,

https://halfblood.pro/how-to-install-microsoft-cors-module-for-iis-express-7ac24e4c3bc4

Lex Li
  • 60,503
  • 9
  • 116
  • 147
  • Yep, found your article (thanks a lot), downloaded the CORS module, installed, IIS started to work. Then I executed the install.ps1 only. After that IIS Express says "The requested page cannot be accessed because the related configuration data for the page is invalid.". – Zoltan Hernyak Mar 01 '23 at 06:34
  • 1
    @ZoltanHernyak You must provide a config file to `install.ps1` as your ASP.NET Core project uses its own config file, not the default config file under `My Documents`. "For VS 2015 and above, you must use -fileName switch to guide the script and modify the correct applicationHost.config file for your Visual Studio solution file. To learn more on how to locate the correct config file, you can read this article" is very important. – Lex Li Mar 01 '23 at 07:05
  • Now I must say a BIG THANK for you Sir! I missed that line - now I am ashamed :( Adding -filename and the filename, re-run your ps1 script - and indeed it works! Thanks :) and sorry :( – Zoltan Hernyak Mar 01 '23 at 07:25
-1

I am running a react app and when I run locally I have this setup for Cors (of course I am running the default kestrel not iisexpress)

in startup.cs

   public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            app.UseMiddleware<ExceptionMiddleware>();
            if (env.IsDevelopment())
            {
                app.UseSwagger();
                app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "My Api"));
            }

            //app.UseHttpsRedirection();

            app.UseRouting();
            app.UseDefaultFiles();
            app.UseStaticFiles();


            app.UseCors("CorsPolicy");
            app.UseAuthentication();

            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
                endpoints.MapFallbackToController("Index", "Fallback");
            });
        }

then I have an ApplicationServicesExtension class that has

  services.AddCors(opt => {
            opt.AddPolicy("CorsPolicy", policy => {
                policy.AllowAnyMethod()
                .AllowAnyHeader()
                .AllowCredentials()
                .WithExposedHeaders("WWW-Authenticate", "Pagination")
                .WithOrigins("http://localhost:3000");
            });
        });
Bryan Dellinger
  • 4,724
  • 7
  • 33
  • 79