0

We followed this project and wired up our MVC application to use the new ADAL bit but we are seeing the following error when the token expires:

XMLHttpRequest cannot load https://login.windows.net/0bccafdb-3696-4344-3269-991d0a93be57/oauth2/autho…QzLTk5MWUtOGE5KRLTIFMYWE3MTliNjU1YMJTLENi00YWIzLTllNDQtYmVmZWU4ZWFjMjQ1. The request was redirected to 'https://login.microsoftonline.com/login.srf?wa=wsignin1.0&wtrealm=https%3a%…ZAEkNmNhNzFiYTUtZWZhOS00YjE0LWExYTYtZjQ5NjgwMzU5NzEz7Q2&wp=MBI_FED_SSL&id=', which is disallowed for cross-origin requests that require preflight.

Related: CORS preflight request responds with 302 redirect in Azure hosted Web API

Improve this question

1 Answer 1

Reset to default
0

That sample is not meant to be used with XMLHttpRequest. It is secured via a redirect based protocol, which in turn requires full browser postbacks for performing authentication operations. That protocol is not designed to work with Web API and AJAX calls, and although it can work for testing purposes production use will force you into hacks and other bad tactical measures. If you want to make calls from JavaScript, please consider http://www.cloudidentity.com/blog/2015/02/19/introducing-adal-js-v1/.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Vittorio, can we do role-based authorization using github.com/AzureADSamples/SinglePageApp-WebAPI-AngularJS-DotNet approach ?
Only if you retrieve roles via graph api... The implicit flow won't include them in the token as it would become too big

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.