React cra and asp net core webapi external login cors issue


When developing a React CRA ( React App) with an ASP.NET Core , you may encounter an issue with CORS (Cross-Origin Resource Sharing) when trying to implement external login . This article aims to provide a solution to this problem by explaining the necessary steps and providing examples.

Understanding CORS

CORS is a security mechanism implemented in web browsers to restrict cross-origin . It ensures that resources (e.g., APIs) on one domain are not accessed by from another domain. By default, browsers block such requests to prevent potential security vulnerabilities.

Enabling CORS in ASP.NET Core WebAPI

To enable CORS in your ASP.NET Core WebAPI, you need to configure the CORS in the Startup.cs file. This can be done by adding the following code to the ConfigureServices method:

services.AddCors(options =>
        builder =>

This code configures a CORS policy named “AllowAllOrigins” that allows requests from any origin, method, and header. You can customize this policy according to your specific requirements.

Applying CORS Policy to Controllers

Once the CORS policy is configured, you need to apply it to your controllers. This can be done by adding the [EnableCors] attribute to the controller class or specific action methods. For example:

public class ExternalLoginController : ControllerBase
    // Controller actions

In this example, the [EnableCors("AllowAllOrigins")] attribute applies the “AllowAllOrigins” CORS policy to the ExternalLoginController class, allowing cross-origin requests to its actions.

CORS in React CRA

When making requests from your React CRA to the ASP.NET Core WebAPI, you need to ensure that the requests include the necessary CORS headers. This can be done by using the fetch API or any other HTTP client library.

Here's an example of making a GET request to the WebAPI from a React component:

fetch('', {
    method: 'GET',
    headers: {
        'Content-Type': 'application/json',
        'Access-Control-Allow-Origin': '*'
.then(response => response.json())
.then(data => {
    // Handle the response data
.catch(error => {
    // Handle any errors

In this example, the '-Control-Allow-Origin': '*' header is in the request to allow cross-origin access. '' with the actual URL of your ASP.NET Core WebAPI.


By configuring CORS in your ASP.NET Core WebAPI and including the necessary headers in your React CRA requests, you can solve the issue of external login CORS. This allows your React application to communicate with the WebAPI seamlessly and securely.

Rate this post

Leave a Reply

Your email address will not be published. Required fields are marked *

Table of Contents