Finally, I was able to figure out how to resolve the above Issue. Since I cannot answer my own question here so I am posting the solution here:
Solution: I removed all the above code and started fresh, as mentioned below with files:
Startup.cs:
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy(
"CorsPolicy",
builder => builder.WithOrigins("http://localhost:4200")
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
});
services.AddAuthentication(IISDefaults.AuthenticationScheme);
.....
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseCors("CorsPolicy");
app.UsePreflightRequestHandler();
.......
}
launchSettings.json: I set Anonymous and Windows Authentication to true
{
"iisSettings": {
"windowsAuthentication": true,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:5000",
"sslPort": 0
}
},
"$schema": "http://json.schemastore.org/launchsettings.json",
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"TPIGO.WebAPI": {
"commandName": "Project",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
},
"applicationUrl": "http://localhost:5000"
}
}
}
Then, in Angular:
Add, withCredentials: true as otions
Now, comes the explanation to this solution.
As I mentioned in my problem statement, the GET request was working fine, but the issue was with the POST request.
In case of POST request, the browser was sending OPTIONS request first to authenticate with the server but this request will never reach the Server and that was the reason I was not able to handle the request in PreflightRequestMiddleware.
The OPTIONS request was failing because the API was configured for Windows Authentication and OPTIONS request was not carrying any Authentication with them.
That is the reason I enabled Anonymous Authentication in launchSettings.json.
But, when I enable Anonymous Authentication I started getting 500 Internal Server errors, and investigating it further I came to know that I need to provide Authentication Scheme.
Then I added services.AddAuthentication(IISDefaults.AuthenticationScheme); in Startup.cs files ConfigureServices(IServiceCollection services) method. and everything works like a charm.
Remember to add
withCredentials: true with every request you send to the API that needs Authentication.
If anyone has any doubts or confusion feel free to ask here. I am not closing this post so that others can share their doubts here wrt the solution I mentioned.
NOTE: I am still using PreflightRequestMiddleware just to do some additional stuff on Request and Response, but this middleware is not required.
public class PreflightRequestMiddleware
{
private readonly RequestDelegate Next;
public PreflightRequestMiddleware(RequestDelegate next)
{
Next = next;
}
public Task Invoke(HttpContext context)
{
return BeginInvoke(context);
}
private Task BeginInvoke(HttpContext context)
{
return Next.Invoke(context);
}
}
public static class PreflightRequestExtensions
{
public static IApplicationBuilder UsePreflightRequestHandler(this IApplicationBuilder builder)
{
return builder.UseMiddleware<PreflightRequestMiddleware>();
}
}