CORS Error on Redirect for Auth

4 posts, 0 answers
  1. Joel
    Joel avatar
    209 posts
    Member since:
    Jun 2018

    Posted 14 Jan Link to this post

    I have a portal and an IdentityServer4 site for authentication.  When I load a page my Telerik Grid goes out to get the data.  My scenario is, if I let the page sit long enough to let the Token expire I expect the UI to redirect for login... but that doesn't happen.  The grid works fine when I have a valid Access Token.  I need this to redirect and be happy.  Instead, the grid returns no feedback and I get the following:

    Request (I removed the cookie gook):

    Invoke-WebRequest -Uri "https://localhost:44355/Customers/IndexJson" `
    -Method "POST" `
    -Headers @{
    "method"="POST"
      "authority"="localhost:44355"
      "scheme"="https"
      "path"="/Customers/IndexJson"
      "sec-ch-ua"="`"Google Chrome`";v=`"87`", `" Not;A Brand`";v=`"99`", `"Chromium`";v=`"87`""
      "accept"="*/*"
      "x-requested-with"="XMLHttpRequest"
      "sec-ch-ua-mobile"="?0"
      "user-agent"="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36"
      "origin"="https://localhost:44355"
      "sec-fetch-site"="same-origin"
      "sec-fetch-mode"="cors"
      "sec-fetch-dest"="empty"
      "referer"="https://localhost:44355/Customers"
      "accept-encoding"="gzip, deflate, br"
      "accept-language"="en-US,en;q=0.9"
    -ContentType "application/x-www-form-urlencoded; charset=UTF-8" `
    -Body "sort=&page=1&pageSize=20&group=&filter=&dateRangeIndex=3&isActiveIndex=0";
    Invoke-WebRequest -Uri "https://localhost:5001/connect/authorize?client_id=GsiPortal.App&redirect_uri=https%3A%2F%2Flocalhost%3A44355%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access%20email%20phone%20address%20roles%20IdentityServerApi%20Gsi.Activity.Api%20Gsi.Azure.Blob.Api%20Gsi.Azure.Comm.Api%20Gsi.Customer.Api%20Gsi.Cloud.Maintenance.Api&response_mode=form_post&nonce=...cleaned...-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0" -Headers @{
    "Referer"="https://localhost:44355/"
      "User-Agent"="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36"
    };
    Invoke-WebRequest -Uri "https://localhost:5001/connect/authorize?client_id=GsiPortal.App&redirect_uri=https%3A%2F%2Flocalhost%3A44355%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access%20email%20phone%20address%20roles%20IdentityServerApi%20Gsi.Activity.Api%20Gsi.Azure.Blob.Api%20Gsi.Azure.Comm.Api%20Gsi.Customer.Api%20Gsi.Cloud.Maintenance.Api&response_mode=form_post&nonce=...cleaned...-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0" `
    -Method "OPTIONS" `
    -Headers @{
    "method"="OPTIONS"
      "authority"="localhost:5001"
      "scheme"="https"
      "path"="/connect/authorize?client_id=GsiPortal.App&redirect_uri=https%3A%2F%2Flocalhost%3A44355%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access%20email%20phone%20address%20roles%20IdentityServerApi%20Gsi.Activity.Api%20Gsi.Azure.Blob.Api%20Gsi.Azure.Comm.Api%20Gsi.Customer.Api%20Gsi.Cloud.Maintenance.Api&response_mode=form_post&nonce=...cleaned...-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0"
      "accept"="*/*"
      "access-control-request-method"="GET"
      "access-control-request-headers"="x-requested-with"
      "origin"="https://localhost:44355"
      "user-agent"="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36"
      "sec-fetch-mode"="cors"
      "sec-fetch-site"="same-site"
      "sec-fetch-dest"="empty"
      "referer"="https://localhost:44355/"
      "accept-encoding"="gzip, deflate, br"
      "accept-language"="en-US,en;q=0.9"
    };
    Invoke-WebRequest -Uri "https://localhost:44355/Customers/IndexJson" `
    -Method "POST" `
    -Headers @{
    "method"="POST"
      "authority"="localhost:44355"
      "scheme"="https"
      "path"="/Customers/IndexJson"
      "sec-ch-ua"="`"Google Chrome`";v=`"87`", `" Not;A Brand`";v=`"99`", `"Chromium`";v=`"87`""
      "accept"="*/*"
      "x-requested-with"="XMLHttpRequest"
      "sec-ch-ua-mobile"="?0"
      "user-agent"="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36"
      "origin"="https://localhost:44355"
      "sec-fetch-site"="same-origin"
      "sec-fetch-mode"="cors"
      "sec-fetch-dest"="empty"
      "referer"="https://localhost:44355/Customers"
      "accept-encoding"="gzip, deflate, br"
      "accept-language"="en-US,en;q=0.9"
    } `
    -ContentType "application/x-www-form-urlencoded; charset=UTF-8" `
    -Body "sort=&page=1&pageSize=20&group=&filter=&dateRangeIndex=3&isActiveIndex=0";
    Invoke-WebRequest -Uri "https://localhost:5001/connect/authorize?client_id=GsiPortal.App&redirect_uri=https%3A%2F%2Flocalhost%3A44355%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access%20email%20phone%20address%20roles%20IdentityServerApi%20Gsi.Activity.Api%20Gsi.Azure.Blob.Api%20Gsi.Azure.Comm.Api%20Gsi.Customer.Api%20Gsi.Cloud.Maintenance.Api&response_mode=form_post&nonce=...cleaned...-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0" -Headers @{
    "Referer"="https://localhost:44355/"
      "User-Agent"="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36"
    };
    Invoke-WebRequest -Uri "https://localhost:5001/connect/authorize?client_id=GsiPortal.App&redirect_uri=https%3A%2F%2Flocalhost%3A44355%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access%20email%20phone%20address%20roles%20IdentityServerApi%20Gsi.Activity.Api%20Gsi.Azure.Blob.Api%20Gsi.Azure.Comm.Api%20Gsi.Customer.Api%20Gsi.Cloud.Maintenance.Api&response_mode=form_post&nonce=...cleaned...-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0" `
    -Method "OPTIONS" `
    -Headers @{
    "method"="OPTIONS"
      "authority"="localhost:5001"
      "scheme"="https"
      "path"="/connect/authorize?client_id=GsiPortal.App&redirect_uri=https%3A%2F%2Flocalhost%3A44355%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access%20email%20phone%20address%20roles%20IdentityServerApi%20Gsi.Activity.Api%20Gsi.Azure.Blob.Api%20Gsi.Azure.Comm.Api%20Gsi.Customer.Api%20Gsi.Cloud.Maintenance.Api&response_mode=form_post&nonce=...cleaned...-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0"
      "accept"="*/*"
      "access-control-request-method"="GET"
      "access-control-request-headers"="x-requested-with"
      "origin"="https://localhost:44355"
      "user-agent"="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36"
      "sec-fetch-mode"="cors"
      "sec-fetch-site"="same-site"
      "sec-fetch-dest"="empty"
      "referer"="https://localhost:44355/"
      "accept-encoding"="gzip, deflate, br"
      "accept-language"="en-US,en;q=0.9"
    }

    Errors:

    Customers#:1 Access to XMLHttpRequest at 'https://localhost:5001/connect/authorize?client_id=GsiPortal.App&redirect_uri=https%3A%2F%2Flocalhost%3A44355%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access%20email%20phone%20address%20roles%20IdentityServerApi%20Gsi.Activity.Api%20Gsi.Azure.Blob.Api%20Gsi.Azure.Comm.Api%20Gsi.Customer.Api%20Gsi.Cloud.Maintenance.Api&response_mode=form_post&nonce=637462512968208243.ZTllMzdmOGEtMzRlZS00YWZmLWExMGItNTI0NGEwMmNlYmE2MTQ5ZTIyZmMtMWQ4Yi00YWU3LTk2NTMtYTY2N2FjMzViNDkz&state=CfDJ8D424Yro--hNo8czS4g4Tz-M0hUZ8IWLi1m4T_Vf02s_0tj9j1HSSNWueJYBxRBUEaKtzsY2P5UDGqi81fSr7doRchzSEur_bDMgPj7KwjTD70DlRUhBCalBV3sz08X793e8JQTKwAp_Psp7VOeoM-XGKIpFW-flsS0Z1sHwIUusvFhkXQdvGNfWMlJ4xHMzweHEUNFqTxPkevdBetlRNnCcUExXZYArJDr2IcewGDAS0toh7L2TUWZQ3DT56aXG_18aLwRHSuNXuRzEE1c8GJMgj97cYy5mfW4QRNW9oGBFPe41dhASstz4VaVyinNEPw&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0' (redirected from 'https://localhost:44355/Customers/IndexJson') from origin 'https://localhost:44355' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
    jquery.min.js:4 GET https://localhost:5001/connect/authorize?client_id=GsiPortal.App&redirect_uri=https%3A%2F%2Flocalhost%3A44355%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access%20email%20phone%20address%20roles%20IdentityServerApi%20Gsi.Activity.Api%20Gsi.Azure.Blob.Api%20Gsi.Azure.Comm.Api%20Gsi.Customer.Api%20Gsi.Cloud.Maintenance.Api&response_mode=form_post&nonce=637462512968208243.ZTllMzdmOGEtMzRlZS00YWZmLWExMGItNTI0NGEwMmNlYmE2MTQ5ZTIyZmMtMWQ4Yi00YWU3LTk2NTMtYTY2N2FjMzViNDkz&state=CfDJ8D424Yro--hNo8czS4g4Tz-M0hUZ8IWLi1m4T_Vf02s_0tj9j1HSSNWueJYBxRBUEaKtzsY2P5UDGqi81fSr7doRchzSEur_bDMgPj7KwjTD70DlRUhBCalBV3sz08X793e8JQTKwAp_Psp7VOeoM-XGKIpFW-flsS0Z1sHwIUusvFhkXQdvGNfWMlJ4xHMzweHEUNFqTxPkevdBetlRNnCcUExXZYArJDr2IcewGDAS0toh7L2TUWZQ3DT56aXG_18aLwRHSuNXuRzEE1c8GJMgj97cYy5mfW4QRNW9oGBFPe41dhASstz4VaVyinNEPw&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0 net::ERR_FAILED
    send @ jquery.min.js:4
    ajax @ jquery.min.js:4
    read @ kendo.all.js:6404
    read @ kendo.aspnetmvc.js:257
    (anonymous) @ kendo.all.js:7524
    _queueRequest @ kendo.all.js:7790
    read @ kendo.all.js:7517
    gridRefresh @ Customers:214
    onclick @ Customers:171

    Grid:

            @(Html.Kendo().Grid<Customer>()
                .Name("grid")
                .Columns(columns =>
                {
                    columns.Command(command => command
                        .Custom("Select")
                        .Click("goDetail"))
                        .Width(Glossary.Portal.ButtonWidth);
                    columns.Bound(p => p.Name)
                        .Filterable(ftb => ftb.Cell(cell => cell.Operator("contains")
                            .ShowOperators(false)
                            .SuggestionOperator(FilterType.Contains)));
                    columns.Bound(p => p.LicenseRenewalTimestamp).Title("License Renewal");
                })
                .Pageable()
                .Sortable()
                .Scrollable()
                .Filterable(ftb => ftb.Mode(GridFilterMode.Row))
                .HtmlAttributes(new {style = "height:596px;"})
                .Selectable()
                .Navigatable()
                .DataSource(dataSource => dataSource
                    .Ajax()
                    .PageSize(20)
                    .Read(read => read.Action("IndexJson", "Customers")
                        .Data("gridGetData"))))

    Script:

        function gridRefresh() {
            var grid = $("#grid").getKendoGrid();
            grid.dataSource.read();
        }

        function gridGetData() {

            var isActiveIndex = $("#isActiveOptions").val();
            //alert("isActiveIndex: " + isActiveIndex);

            var dateRangeIndex = $("#dateRangeOptions").val();
            //alert("dateRangeIndex: " + dateRangeIndex);

            return {
                dateRangeIndex: dateRangeIndex,
                isActiveIndex: isActiveIndex
            };

            return null;
        }

     

  2. Anton Mironov
    Admin
    Anton Mironov avatar
    206 posts

    Posted 19 Jan Link to this post

    Hello Joel,

    Thank you for the provided details.

    This issue is caused because you need to custom handle the UnAuthorized error (401).

    In order to handle the unauthorized Ajax requests for binding the Kendo UI Grid, use the following article:

    Furthermore, you could use the following forum post answer approaches:

    Give the approaches above a try and let me know if further assistance is needed.


    Kind Regards,
    Anton Mironov
    Progress Telerik

    Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

  3. Joel
    Joel avatar
    209 posts
    Member since:
    Jun 2018

    Posted 19 Jan in reply to Anton Mironov Link to this post

    The examples don't work but they got me a step closer.  How can I interrogate the type of error?

    So, e.errorThrown is empty in this script:

    function error(e) {
        if (e.errorThrown === "Session expired") {
            location.href = e.xhr.getResponseHeader("Location");
        }
    }

     

    My current script.  I'm worried I could get into an event (endless) loop as this just reloads the current View.  This type of reload does cause the view to redirect to Identity Server and require a login... so, thats nice.  But, I need to know if the error thrown is due to authorization.

    function error(e) {
        var url = '@Model.CurrentRelativeUrl' + '@Model.GetUrlParameters()';
        //alert(url);
        window.location.href = url;
    }

     

     

     

     

  4. Anton Mironov
    Admin
    Anton Mironov avatar
    206 posts

    Posted 22 Jan Link to this post

    Hello Joel,

    Thank you for the code snippets provided.

    In the provided approach, there is a C# code, where the texts of the errors are manually implemented. This is the reason that they are not available in the JavaScript error function handler. Please double-check if you used the C# code at the beginning of the response:

    Try to implement the approach above and let me know if the issue persists.

    Best Regards,
    Anton Mironov
    Progress Telerik

    Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

Back to Top