This project is read-only.

Cannot get CORS to work when using authentication cookies

Topics: ASP.NET Web API
Apr 11, 2013 at 5:54 PM

I'm using the latest nightly build and I have the following scenario.

I need to make authenticated calls to my web api from other domains. For this I'm using Azure ACS.

In order for the cross domain ajax calls (using jQuery 1.9.1) to send the FedAuth cookies, I must enable XHR withCredentials flag.

When I do this I get the following error from the browser:
Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.

How can I prevent CORS from sending "*" on the Access-Control-Allow-Origin and get it to send the requesting domain?
I don't control the requesting domains, it can be anything as these apis are meant to be called from anywhere, so I cannot use the EnableCorsAttribute Origins property.

Any help would be greatly appreciated.

Apr 11, 2013 at 6:46 PM
Did you set SupportsCredentials on the [EnableCors] attribute?
Apr 12, 2013 at 10:09 AM
No I did not. I somehow missed that property on the [EnableCors] attribute.

It works great!

Thanks for the input, Brock and sorry for the stupid question.