1

I would like to use the windows credentials for domain users to access a C# REST Api. The web app is a very simple Angular 12 app that currently just needs to display the version of the REST Api. I have a endpoint called /api/version that looks like this:

    [AllowAnonymous]
    [HttpGet]
    public IActionResult Get()
    {
        Assembly assembly = Assembly.GetExecutingAssembly();
        FileVersionInfo fileVersionInfo = FileVersionInfo.GetVersionInfo(assembly.Location);

        var versionInfo = new[]
        {
            new
            {
                company = fileVersionInfo.CompanyName,
                product = fileVersionInfo.ProductName,
                version = fileVersionInfo.FileVersion
            }
        };

        return Ok(versionInfo);
    }

calling http://test:5050/api/version in the browser displays the version info without any problems. If I remove the [AllowAnonymous] I get prompted to logon (my PC is not in the domain) - when I do this all good. This is what I want - all good!

My problem is if I access the endpoint in Angular:

    getVersion(): void {
        this._httpService.getVersion('/api/version').subscribe(
            (data) => {
                this.homeForm.patchValue(data)
            },
            (err) => console.error(err),
            () => console.log('done loading getting version info')
        )
    }

the httpService is very simple:

 getVersion(url: string): Observable<any> {
           return this.http.get(url)
    }
}

I have a button in the HTML that calls getVersion() -> when I press it I get get prompted to logon... I don't really understand why?

I am using all the newest versions of everything -> Visual Studio 2022, Angular 12 (that's still new, right 😊), IIS 10

Improve this question
5
  • Do you have any HTTP_INTERCEPTORS defined for HttpClient in Angular? I'm asking, because Common implementation for windows authentication will be to add {withCredentials: true} to request in interceptor. If so, this flag will be added to your request. Commented Jan 19, 2022 at 14:07
  • Something similar here -stackoverflow.com/questions/57147812/… Commented Jan 19, 2022 at 14:12
  • @Quercus only contenttype ==> const httpOptions = {headers: new HttpHeaders({ 'Content-Type': 'application/json'})} Commented Jan 20, 2022 at 15:05
  • If problem still persist, I would recommend you to install some traffic-capturing software (i.e. Fiddler), then run request directly from browser and from application and check in traffic inspector what is the difference between requests - what are headers and so on. Commented Jan 21, 2022 at 13:01
  • sorry to have not gotten back earlier - life! The problem is still persisting @quercus -> I'll give that a try. Thank you Commented Mar 15, 2022 at 12:43
Related questions
14
ASP.NET MVC5/AngularJS/Web API app using Windows Authentication and OWIN
2
Securing Web API web services, windows authentication
2
AngularJS web application using Windows Authentication
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.