Fix for issues with Authentication

[higles]

HttpOptions do not pass auth info to the server. You should probably mention that Anonymous Authentication needs to be enabled in order for this to work. Also if you need to use Windows Authentication as well, make sure to add the [Authorize] attribute tags to the necessary methods.

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 59bca5db-1196-2a8b-a0d8-4e89b2382288
• Version Independent ID: d3f332c4-4c60-039e-0e1e-bc6b11831f87
• Content: Enable Cross-Origin Requests (CORS) in ASP.NET Core
• Content Source: aspnetcore/security/cors.md
• Product: aspnet-core
• Technology: aspnetcore-security
• GitHub Login: @Rick-Anderson
• Microsoft Alias: riande

[Rick-Anderson]

Moved to CORS master issue #17711

[mschluper]

Wait a minute! Did you just add a reference to the IIS CORS module? Is using this module a better solution than enabling Anonymous Authentication?

[mschluper]

https://www.iis.net/downloads/microsoft/iis-cors-module says:

"Once installed, the IIS CORS module is configured via a site or application web.config and has its own cors configuration section within system.webserver."

But miraculously it does not say how. And .net core does not use web.config anymore, as far as I know.

So how is this configuration done?

[mschluper]

https://docs.microsoft.com/en-us/iis/extensions/cors-module/cors-module-configuration-reference#cors-configuration