This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 48%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESH%3C/text%3E%3C/svg%3E)
Hi there,
I used .NET Core 3.1 to create a Web API for specific purpose. I build up this API in SharePoint Farm and put it in the _layouts folder. I have another system called (A) will call this. We use the ADFS authentication.
I try to use two accounts from ADFS and try this. I got two different results.
(1) Account 1: It works well and (A) can put the data into the backend database via this custom API
(2) Account 2: Failed and I got the following error message:
Access to XMLHttpRequest at ''* from origin (https://adfs.litwareinc.com/adfs/ls? .....) *'
(redirected from 'https://intranet.litwareinc.com/_layouts/15/FolderName/APIHub.aspx?Mode=....') from origin 'https://intranet.litwareinc.com'
has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a prefight request.
and
net :: ERR_FAILED
I am wondering if anyone have ran into this before and have any idea on it?
Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Generally this is caused by the server the ajax called redirecting to the login page rather than retuning an error on failed authentication. Because login pages don’t support CORS (they are html), you get this CORS error rather being unable to parse the response.