.net 6 cors problem for Preflight OPTIONS request 401 Unauthorized error

Question

I am making a CORS PUT request and setting the Content-Type header to json. This triggers a Preflight OPTIONS request to fire. In my program file I have (see below) I getting back 401 Unauthorized error (see image) . What can I do to get this to work

builder.Services.AddControllers();
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(c =>
{
    c.SwaggerDoc("v1", new OpenApiInfo { Title = "Internal Store Data API", Version = "v1" });
});

builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme)
   .AddNegotiate();

builder.Services.AddAuthorization(options =>
{
    // By default, all incoming requests will be authorized according to the default policy.
    options.FallbackPolicy = options.DefaultPolicy;
});

builder.Services.AddCors(options =>
{
    options.AddPolicy(
      "CorsPolicy",
      builder => builder
                .AllowAnyMethod()
               .AllowAnyHeader()
               .SetIsOriginAllowed(origin => true) // allow any origin
               .AllowCredentials()
      );
});



// Start Database Connection
// End Database Connection

// Start Repositories
// End Repositories

// Start UseCases
// End UserCases


var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment() || app.Environment.IsProduction())
{
    app.UseDeveloperExceptionPage();
    app.UseSwagger();
    app.UseSwaggerUI(c =>
    {
        c.SwaggerEndpoint("/swagger/v1/swagger.json", "Internal Store Data API V1");
        c.RoutePrefix = String.Empty;
    });
}

app.UseHttpsRedirection();
app.UseCors("CorsPolicy");

app.UseAuthorization();
app.UseAuthentication();
app.MapControllers();

app.Run();

enter image description here

I tried adding this but it only works on localhost ( when I running it on VS but not when it hosted )

"iisSettings": {
"windowsAuthentication": true,
"anonymousAuthentication": true,
"iisExpress": {
  "applicationUrl": "http://localhost:8791/",
  "sslPort": 0
}

Please help

Answer 1

i cant see that you are actually adding any origins try this, adding your allowed origins in

    /*
    * cors
    * 
    */
    string MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
    
    string[] origin = { your allowed origins here };
    
    builder.Services.AddCors(options =>
    {
        options.AddPolicy(name: MyAllowSpecificOrigins,
                          builder =>
                          {
                              builder.WithOrigins(origin
                                                  )
                                                   .AllowAnyHeader()
                                                   .AllowAnyMethod();
                          });
    });

...

app.UseCors(MyAllowSpecificOrigins);

i am not sure on this part of your solution:

 .SetIsOriginAllowed(origin => true) // allow any origin

there is this method though which might be the one you want:

  ...
  .AllowAnyOrigin()

EDIT though looking at your issue doesnt even look like CORS it looks like authentication issue, you arent getting past authentication