AngularJS and OWIN Authentication on WebApi
I have implemented OWIN token-based authentication on Web API, and I have enabled CORS by calling app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll).
I can access the various unsecured portions of my app from an AngularJS web client. I have used this http-interceptor, and when I try to access a protected resource, a login pop-up appears.
Now, in order to log in, I have to call http://mywebapi/token with form-encoded username, password and grant_type; see the header signature below (from Chrome):

    Request URL:http://mywebapi/token
    Request Headers CAUTION: Provisional headers are shown.
    Accept:application/json, text/plain, */*
    cache:false
    Content-Type:application/x-www-form-urlencoded
    Origin:http://127.0.0.1:49408
    Referer:http://127.0.0.1:49408/
    User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
    Form Data
    grant_type:password
    username:correctuser
    password:password

When I use Postman to send the request, it comes back fine with the expected access token. When I try to use Angular's $http service, it makes an OPTIONS request (I can see this in the dev tools console), and for some reason I get this error message:

    No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:49408' is therefore not allowed access.

Note: this happens for the /token request, which is form-url-encoded; for other JSON requests the header is added as expected. Can someone please help? I am running out of ideas.
Thanks
I went through the same process and spent (wasted?) the same amount of time as most people dealing with OWIN + Web API.
A solution that worked for me was to move
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll); before everything else in the pipe.
Here is the code:
OwinStartup

    using Microsoft.Owin;
    using Owin;

    [assembly: OwinStartup(typeof(MyApp.Web.Startup))]
    namespace MyApp.Web
    {
        public partial class Startup
        {
            public void Configuration(IAppBuilder app)
            {
                var config = new System.Web.Http.HttpConfiguration();
                ConfigureAuth(app, config);
            }
        }
    }

Startup OAuth

    using System;
    using Microsoft.Owin;
    using Microsoft.Owin.Security.OAuth;
    using Owin;

    public partial class Startup
    {
        public void ConfigureAuth(IAppBuilder app, System.Web.Http.HttpConfiguration config)
        {
            // app.UseWelcomePage("/");
            // app.UseErrorPage();

            // Must be set first, otherwise it won't work.
            app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);

            app.CreatePerOwinContext<ApplicationDatabaseContext>(ApplicationDatabaseContext.Create);
            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

            var oAuthOptions = new OAuthAuthorizationServerOptions
            {
                AllowInsecureHttp = true,
                TokenEndpointPath = new PathString("/token"),
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
                Provider = new DaufAuthorizationServerProvider(),
                RefreshTokenProvider = new SimpleAuthorizationServerProvider(),
            };

            app.UseOAuthAuthorizationServer(oAuthOptions);

            // logger is not declared in the code shown; it is assumed to be a member of this class.
            app.UseWebApi(WebApiConfig.Register(config, logger));
        }
    }

Web API

    using System.Web.Http;
    using Microsoft.Owin.Security.OAuth;

    public static class WebApiConfig
    {
        public static HttpConfiguration Register(System.Web.Http.HttpConfiguration config, ILogger logger)
        {
            // Web API configuration and services
            // Configure Web API to use bearer token authentication.
            // Uses the HTTP header "Authorization" with the value "Bearer 1234123412341234asdfasdfasdfasdf"
            config.SuppressDefaultHostAuthentication();
            config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));

            // Web API routes
            config.MapHttpAttributeRoutes();
            config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional }
            );

            return (config);
        }
    }
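
The answer's fix depends on the CORS middleware being registered first; the same position also works with an explicit origin allow-list in place of CorsOptions.AllowAll. The following is an added example, not code from the question or the answer: the class name RestrictedCors, the method UseRestrictedCors, and the method and header lists are assumptions, and the single allowed origin is the one shown in the question's request.

```csharp
using System.Threading.Tasks;
using System.Web.Cors;
using Microsoft.Owin.Cors;
using Owin;

// Hypothetical helper (not from the answer): takes the same pipeline position as
// app.UseCors(CorsOptions.AllowAll), but answers only for listed origins.
public static class RestrictedCors
{
    // Assumption: the AngularJS client origin shown in the question's request.
    private static readonly string[] AllowedOrigins = { "http://127.0.0.1:49408" };

    public static CorsPolicy BuildPolicy()
    {
        var policy = new CorsPolicy
        {
            AllowAnyOrigin = false,
            AllowAnyMethod = false,
            AllowAnyHeader = false,
            SupportsCredentials = false, // the bearer token travels in a header, not a cookie
            PreflightMaxAge = 600        // seconds a browser may cache the preflight result
        };

        foreach (var origin in AllowedOrigins)
            policy.Origins.Add(origin);

        // Assumed method set: POST for /token, GET and POST for the JSON API.
        foreach (var method in new[] { "GET", "POST" })
            policy.Methods.Add(method);

        // Request headers the client may send. "cache" is listed because the
        // request captured in the question sends it.
        foreach (var header in new[] { "accept", "authorization", "cache", "content-type" })
            policy.Headers.Add(header);

        return policy;
    }

    // Register before any other middleware, as the answer does with AllowAll, so
    // that /token responses (including the OPTIONS preflight) pass through it.
    public static IAppBuilder UseRestrictedCors(this IAppBuilder app)
    {
        var policy = BuildPolicy();
        return app.UseCors(new CorsOptions
        {
            PolicyProvider = new CorsPolicyProvider
            {
                PolicyResolver = request => Task.FromResult(policy)
            }
        });
    }
}
```

In the answer's ConfigureAuth, app.UseRestrictedCors() would take the place of the app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll) call. AllowInsecureHttp = true in the same method lets token requests arrive over plain HTTP, so it belongs in development configuration only.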