Here is the problem.
I have an .net core web-api application with azure-ad authentication.
When I've added necessary AzureAD section to my appsettings.json file and redirect url-s to appregistration my backend worked fine.
But later I added build of react project to wwwroot folder and now, when I try to call backend method with authorize attribute I get CORS error from Loginmicrosoftonline
[CORS error from Loginmicrosoftonline]
First of all, web api project should be a daemon application so it doesn't have a sign in page as normal, nor a redirect url for AAD. And we can integrate AAD to protect our api but the api shouldn't ask users to sign in first.
In your scenario, it looks like you want to let users sign in in your react frontend app, then generating access token to calling the protected web api. I think you need to refer to this sample to integrate MSAL library in your react app(this sample containing an api written in nodejs, you can ignore api part since you had asp.net core api), and this sample for protecting your web api. You may also take a look at this answer.
And go back to your CORS issue, it appeared because you didn't use MSAL.js in your react app but directly going to the login URL. Microsoft identity platform required developers to use the library. I used to using ajax request to send a get request to the login url, and I got Cors issue as well.
i have read a lot about DocuSign api and how they works, i figured out that they don't support cors.
For this reason i'm using an angular proxy configuration for my test environment, so i could do all my tests with my localhost.
The problem is that when i upload my project on a server i can no more use that proxy config, if i try to use it by replacing "localhost" with my domain name it returns me an html which is not an error from docusign but a sort of error related to my proxy conf.
I think i need create a cors gateway in my server in order to use the api, i've read a guide about that and it's very complicated since i'm only a frontend developer.
So my answer is:
is there any easier method to use these api in my online application?
can i obtain some sort of permissions from docusign which grants to my domaint to access their api calls without going into some sort of cors errors.
Thank you for attention
I work in DocuSign developer support. We do not support CORS. It is on our roadmap. Looks like you have your options, move the calls to DocuSign to the back-end or build a CORS gateway.
I am trying to build a portfolio website using react where I can showcase my projects and skills . I also want a seperate blog section in my website which lists my blog posts. I am aquatinted with node js and rest API so I can create a crud rest API for blog posts locally and use it to get all the blog posts .
How to deploy the blogs rest API online and make it secure such way that only I can access existing and submit new blog posts from my portfolio website after deployment ?
This may be too generalized of a question to give you exactly what you're looking for, but we can hit on some broad strokes to give you some idea.
Hosting. If you're using Heroku or similar, then they have their own instructions and guides on how to do deploy to their system. If you're self-hosting or are required to setup the host yourself, then you basically just need something that will load balance and auto-restart the node application so that it's always running. Commonly, you can use Docker or PM2 (or a combination of both) to do this. You can then put this behind a web server like Nginx or Apache to fine-tune your configuration.
Authentication. If the API is exposed to the public then you need a method of authentication. Commonly, you can use a system that leverages JWTs (login, sign a jwt with the user's ID, then have the client provide the jwt for each protected API request via authentication header or cookie, validate that the token hasn't expired and the user ID is correct, then respond back). You can use a middleware like Passport or write your own (imo Passport may be overkill for smaller projects).
I have created a simple api with a test controller and published it as an Azure Api App. I have public (anonymous) access enabled, the swagger ui works well in the browser and the swagger validates correctly, and I have added to it the default response setting that Logic Apps require.
When I try to add the Api App to my Logic App, however, I encounter a fault: "Error fetching swagger api definition".
If I try to browse the API definition in the portal I encounter another fault "Cannot get the API definition. It may require additional configuration or authentication on the API app."
If I try to download the swagger data from the portal link this fails with Http 400: Bad Request.
What am I missing here and how do I get this simple Api App working in the portal?
Public URI: https://microsoft-apiappf6c70a179b1b408c99e3f2536467ff39.azurewebsites.net
Swagger UI: https://microsoft-apiappf6c70a179b1b408c99e3f2536467ff39.azurewebsites.net/swagger/ui/index
Raw Swagger:
{"swagger":"2.0","info":{"version":"v1","title":"PE.Services.Idml"},"host":"microsoft-apiappf6c70a179b1b408c99e3f2536467ff39.azurewebsites.net:443","schemes":["https"],"paths":{"/api/ToEpl":{"get":{"tags":["ToEpl"],"operationId":"ToEpl_Get","consumes":[],"produces":["application/json","text/json","application/xml","text/xml"],"responses":{"200":{"description":"OK","schema":{"type":"array","items":{"type":"string"}}},"default":{"description":"OK","schema":{"type":"array","items":{"type":"string"}}}},"deprecated":false},"post":{"tags":["ToEpl"],"operationId":"ToEpl_Post","consumes":["application/json","text/json","application/xml","text/xml","application/x-www-form-urlencoded"],"produces":["application/json","text/json","application/xml","text/xml"],"parameters":[{"name":"value","in":"body","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","schema":{"$ref":"#/definitions/Object"}},"default":{"description":"OK","schema":{"$ref":"#/definitions/Object"}}},"deprecated":false}},"/api/ToEpl/{id}":{"get":{"tags":["ToEpl"],"operationId":"ToEpl_Get","consumes":[],"produces":["application/json","text/json","application/xml","text/xml"],"parameters":[{"name":"id","in":"path","required":true,"type":"integer","format":"int32"}],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"default":{"description":"OK","schema":{"type":"string"}}},"deprecated":false},"put":{"tags":["ToEpl"],"operationId":"ToEpl_Put","consumes":["application/json","text/json","application/xml","text/xml","application/x-www-form-urlencoded"],"produces":[],"parameters":[{"name":"id","in":"path","required":true,"type":"integer","format":"int32"},{"name":"value","in":"body","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"No Content"}},"deprecated":false},"delete":{"tags":["ToEpl"],"operationId":"ToEpl_Delete","consumes":[],"produces":[],"parameters":[{"name":"id","in":"path","required":true,"type":"integer","format":"int32"}],"responses":{"204":{"description":"No Content"}},"deprecated":false}},"/api/Values":{"get":{"tags":["Values"],"operationId":"Values_Get","consumes":[],"produces":["application/json","text/json","application/xml","text/xml"],"responses":{"200":{"description":"OK","schema":{"type":"array","items":{"type":"string"}}},"default":{"description":"OK","schema":{"type":"array","items":{"type":"string"}}}},"deprecated":false},"post":{"tags":["Values"],"operationId":"Values_Post","consumes":["application/json","text/json","application/xml","text/xml","application/x-www-form-urlencoded"],"produces":[],"parameters":[{"name":"value","in":"body","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"No Content"}},"deprecated":false}},"/api/Values/{id}":{"get":{"tags":["Values"],"operationId":"Values_GetById","consumes":[],"produces":["application/json","text/json","application/xml","text/xml"],"parameters":[{"name":"id","in":"path","required":true,"type":"integer","format":"int32"}],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"default":{"description":"OK","schema":{"type":"string"}}},"deprecated":false},"put":{"tags":["Values"],"operationId":"Values_Put","consumes":["application/json","text/json","application/xml","text/xml","application/x-www-form-urlencoded"],"produces":[],"parameters":[{"name":"id","in":"path","required":true,"type":"integer","format":"int32"},{"name":"value","in":"body","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"No Content"}},"deprecated":false},"delete":{"tags":["Values"],"operationId":"Values_Delete","consumes":[],"produces":[],"parameters":[{"name":"id","in":"path","required":true,"type":"integer","format":"int32"}],"responses":{"204":{"description":"No Content"}},"deprecated":false}}},"definitions":{"Object":{"type":"object","properties":{}}}}
I think this is because you have two routes with the same operationId (ToEpl_Get).
There are a few mitigations
Since Swashbuckle derives this from the action name in your api controller…you can change one of your action names…e.g. GetById instead of Get
Alternatively, the way to change operation id is to go to the SwaggerConfig.cs file add add a custom operation filter. The operation filter extension point will give you access to the operation and to change the id.
So sorry for the inconvenience, and we will be making our error reporting better soon.