locked
Azure AD authentication for CORS requests RRS feed

  • Question

  • I have a web app that is an Angular JS app.  It makes CORS requests to the server to get resources, such as some partial html files.

    Each request gets intercepted by the AD login pipeline.  But it appears that each request is now being 302'd from a login page at

    https://login.windows.net/some_guid/oauth2/autho…als%2Fheader.html%23&nonce=483b16a27139498fbfc0979b9bd8dd97_20161115171241

    is being 302 redirected to

    https://login.microsoftonline.com/some_guid/oaut…als%2Fheader.html%23&nonce=483b16a27139498fbfc0979b9bd8dd97_20161115171241

    I'm getting an error with the page after the redirect - it appears the page at https://login.microsoftonline.com isn't set up for CORS.  So in my Chrome console i see the message

    'https://login.microsoftonline.com/some_guid/oaut…als%2Fheader.html%23&nonce=483b16a27139498fbfc0979b9bd8dd97_20161115171241' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://my-origin' is therefore not allowed access.

    This appears to have just showed up this morning, and looks like it is intermittently happening throughout the day across the various web apps where authentication is enabled.

    Tuesday, November 15, 2016 7:06 PM

All replies

  • Hi,

    Thank you for posting here!

    Just to confirm was it working before without any issues?

    I would suggest you to use fiddler to check the complete request failing trace and root cause of the issue.

    Please check the article to enable diagnostic logging for your Web App incase if you haven’t tried before and to know more details about the issue.

    Add the below configuration in your web.config file and check if that makes any difference.

    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <add name="Access-Control-Allow-Origin" value="*" />
          <add name="Access-Control-Allow-Headers" value="Content-Type" />
          <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>

    You may check the SO thread which addressed similar issue and let us know if that helps.

     

    Regards,

    Ashok

    ___________________________________________________________________

    When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer so that other customers can benefit from it.

    Wednesday, November 16, 2016 6:46 AM
  • Not sure, if the original issue reported here has been resolved. I am facing the same issue.

    Coming to setting the header entries in web.config. Despite the entries in web.config of target web app, the failure happens when the browser is passed a 302, with a login.microsoftonline.com error. Browser then rejects the CORS preflight check because the redirect is happening to a login.microsoftonline.com, although the endpoint requested was another app in azure. In my case the call is to - myapp-tenant.msappproxy.net.

    Regards, Nitin


    Saturday, May 13, 2017 4:42 PM
  • @Nitin

    This would require further investigation to find out the root cause. I would suggest you contact technical support for deeper analysis of the issue. Refer: How to create an Azure support request.

    The ticket will help you work closely with the support for immediate resolution.

    Monday, May 15, 2017 7:23 PM
  • Hi Nitin,

    did you ever got a working solution here? or a final statement?

    Because facing exactly the same issue..and running out of ideas.

    Regards, Marc

    Friday, December 1, 2017 9:16 AM
  • @m15ell

    It would be best if you have our support engineers check that for you to get to the root cause. Follow the link to create Azure Technical Support Request. It would also require your subscription details that are best done on the technical support channel and not on the public forums.

    -----------------------------------------------------------------------------------------------
    Do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

    Wednesday, December 13, 2017 10:59 AM
  • Hi!
    I also get the same error and it states:
    Failed to load https://login.microsoftonline.com/......: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://my_site_url' is therefore not allowed access.





    Tuesday, December 19, 2017 12:21 PM
  • @Oskar Larsson

    As specified earlier, this would require further troubleshooting to find out the root cause. Follow the link to create Azure Technical Support Request. It would also require your subscription details that are best done on the technical support channel and not on the public forums.

    -----------------------------------------------------------------------------------------------
    Do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

    Tuesday, December 26, 2017 5:50 PM