Builder for policy :
private CorsPolicy GenerateCorsPolicy()
{
var corsBuilder = new CorsPolicyBuilder();
corsBuilder.AllowAnyHeader();
corsBuilder.AllowAnyMethod();
corsBuilder.AllowAnyOrigin();
return corsBuilder.Build();
}
Adding policy to container
services.AddCors(
options =>
{
options.AddPolicy("AllowAllOrigins", GenerateCorsPolicy());
});
Telling Identity Server to use this policy :
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
options.Cors.CorsPolicyName = "AllowAllOrigins";
Configuring the rest of the app to use this policy too :
app.UseRouting();
app.UseIdentityServer();
app.UseAuthorization();
app.UseEndpoints(
endpoints =>
{
endpoints.MapControllers();
endpoints.MapRazorPages();
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
});
app.UseStaticFiles();
app.UseCors("AllowAllOrigins");
You control CORS in IdentityServer separately, using the AllowedCorsOrigins property in the Client defintions:
AllowedCorsOrigins =
{
"https://localhost:5001"
}
Your pipeline looks a bit odd as well:
app.UseStaticFiles();
app.UseCors("AllowAllOrigins");
I don't see any reason for adding middlewares after the UseEndpoints middleware in your case.
The pipeline looks like this and your incoming request progress through this pipeline and each middelware can take action on the request, it looks like this: