blowdart / aspnetauthenticationworkshop Goto Github PK

The quality and detail of this doc was great.

Do you plan something similar for JWT instead of cookies? That would be really useful to those of us using an API server with Angular/etc client.

Thank you for providing a nice overview about this topic.

I was first just using the readme page and there in Step1 in the code example the used properties for the google options do not exist. (ConsumerKey, ConsumerSecret)

In the Step 1 folder you have the correct properties specified. (ClientId, ClientSecret)
Maybe you want to adjust that.

Was at MSBuild 2019, and your peers recommended I post the issue here... We are running WebAPI with CORS 'AllowAll' for inside the firewall services consumed by several servers (services run on build farm computers, web servers either local host, or production/preproduction/dev web servers).
Everything worked great until we enabled Integrated Auth. We realized that PUT/DELETE failing due to CORS, despite working OK when not using Authentication. From what I read, the CORS under IntegratedAuth does not honor * origin, but instead specific origin URL only.
What I'm trying to do is to use MiddleWare class to capture the preflight request URL, and inject into the preflight response header so that CORS is satisfied, but several of us have been stuck for days hitting our heads against the wall.

I'd love an example that can enable a PUT or DELETE verb on integrated auth from an ajax call in a page served from host running on a domain member computer (IISExpress, NodeJS or whatever) and have it successfull navigate the CORS preflight and execute the PUT or DELETE method. Ideally, the CORE API would work as expected, regardless of whether Integrated AUTH is being used or not.

Any thoughts?