Log in to start a topic

CORS trouble?

Posted by: bplett on 27 June 2023, 9:28 am EST

  • bplett

    Posted 27 June 2023, 9:28 am EST

    We are attempting to convert an old .NET Framework site to ASP.NET Core. The old site uses the obsolete Microsoft ReportViewer, and we’re now trying to use the ComponentOne report viewer. The old viewer authenticates against the SSRS server just fine. The ComponentOne viewer, on the other hand, produces a CORS error. (“Access to XMLHttpRequest at ‘…’ from origin ‘http://localhost:5000’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”)

    My questions:

    1. Why does the ComponentOne viewer produce that error when the old viewer doesn’t?
    2. Is there anything I can do on the “client” side to get this working, or will it require a change to the SSRS server?

    Thanks!

    Brad.

  • manish.gupta

    Posted 27 June 2023, 11:58 am EST

    Hi Brad,

    If understood it correctly, you are getting the following console error on the browser:

    Access to XMLHttpRequest at ‘…’ from origin ‘http://localhost:5000’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

    And you have two different projects, one is for ReportViewer and another one is for C1 WebApi Report Service to access reports from the SSRS report server.

    This error occurs because of the Asp.Net Core project CORS policy. It can be fixed using the suggested solution in the documentation:

    https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-7.0

    Hope it helps!

    Regards,

    Manish Gupta

  • bplett

    Posted 27 June 2023, 1:20 pm EST

    I already have the following in my program:

    builder.Services.AddCors(o => o.AddPolicy("AllowAllOrigins", builder =>
{
    builder.AllowAnyOrigin()
            .AllowAnyMethod()
            .AllowAnyHeader();
}));

  • bplett

    Posted 27 June 2023, 4:38 pm EST

    Actually I’m starting to think CORS is a red herring. I’m thinking this may be an authentication issue. Whereas I have the following code in my app 

    app.UseReportProviders().AddSsrsReportHost("c1ssrs", ssrsUrl, new System.Net.NetworkCredential(ssrsUserName, ssrsPassword));
    I don’t think the authentication is happening.

    When I capture the network traffic generated by the old viewer there appears to be a challenge-response going on (i.e. a 401 followed by more traffic), but the ComponentOne viewer seems to stop at the 401. Any guess what I might be doing wrong?

  • bplett

    Posted 27 June 2023, 4:52 pm EST

    Yeah, I examined the network traffic capture more, and the ComponentOne viewer is not handling the NTLM authentication. How can I get that working properly?

  • manish.gupta

    Posted 29 June 2023, 2:45 pm EST

    Hi,

    Please make sure that you are also using the following code snippet to allow CORS:

    app.UseCors("AllowAllOrigins");

    The above-shared code is just for defining the CORS policy.

    Also, please check your SSRS report service is accessible with the provided credential from the browser. In that case, please try to the following code snippet:

    app.UseReportProviders().AddSsrsReportHost("mssrs", "http://url/ReportServer_DT2K12EE/", new System.Net.NetworkCredential("manish.gupta", "password"), C1.Web.Api.Report.AuthenticationType.Ntlm);

    Hope it helps!

    Regards,

    Manish Gupta

  • bplett

    Posted 30 June 2023, 1:11 pm EST

    No, sadly, those didn’t help. I still get a 401, and there is no NTLM negotiation going on at all.

  • manish.gupta

    Posted 3 July 2023, 3:01 am EST

    Hello Brad,

    We have created a My-support case which is our private portal to confirm and share the team link for the meeting.

    Here is the link:

    https://www.grapecity.com/my-account/my-support/case/a5ef70ed-6e19-ee11-8f6e-000d3a574715

    Regards,

    Manish Gupta

Need extra support?

Upgrade your support plan and get personal unlimited phone support with our customer engagement team

Learn More

Forum Channels

  • © 2023 MESCIUS inc. All Rights Reserved.  ·  1.800.858.2739

    All product and company names herein may be trademarks of their respective owners.