IIS vs IIS Express - CORS module wont work

Question

We have a REST API written ASPNET.CORE 6. We need to call this api from angular project, so some CORS ability is needed.

We successfully installed the CORS module to IIS from site https://www.iis.net/downloads/microsoft/iis-cors-module. The IIS is a v10.0.22000.708, runs on the developer computer.

The following config section is added to the REST API web.config:

<cors enabled="true" failUnlistedOrigins="true">
  <add origin="http://localhosts:4200" allowCredentials="true" />
  <add origin="http://localhost:4200" allowCredentials="true" maxAge="120" allowed="true">
    <allowMethods>
      <add method="DELETE" />
    </allowMethods>
  </add>
</cors>

The developer tried to start this REST API project on IIS Express on the very same developer computer (with the CORS module installed). It drops and error:

The requested page cannot be accessed because the related configuration data for the page is invalid.

If we remove the CORS section from web.config - it works again on IIS Express - but the angular cannot use the rest api because of the CORS problems.

The IIS Express is v10.0.25095.1000.

Is it possible to get the REST API works on IIS Express also, not just the local IIS? How to install the same CORS module to IIS Express directly?

It is very annoying, that the building process always hangs because the IIS locks the files in bin/debug folder... :(

Answer 1

There is nothing special. You just need the same CORS module on IIS Express, and I wrote about that,

https://halfblood.pro/how-to-install-microsoft-cors-module-for-iis-express-7ac24e4c3bc4

Answer 2

I am running a react app and when I run locally I have this setup for Cors (of course I am running the default kestrel not iisexpress)

in startup.cs

   public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            app.UseMiddleware<ExceptionMiddleware>();
            if (env.IsDevelopment())
            {
                app.UseSwagger();
                app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "My Api"));
            }

            //app.UseHttpsRedirection();

            app.UseRouting();
            app.UseDefaultFiles();
            app.UseStaticFiles();


            app.UseCors("CorsPolicy");
            app.UseAuthentication();

            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
                endpoints.MapFallbackToController("Index", "Fallback");
            });
        }

then I have an ApplicationServicesExtension class that has

  services.AddCors(opt => {
            opt.AddPolicy("CorsPolicy", policy => {
                policy.AllowAnyMethod()
                .AllowAnyHeader()
                .AllowCredentials()
                .WithExposedHeaders("WWW-Authenticate", "Pagination")
                .WithOrigins("http://localhost:3000");
            });
        });