How to resolve CORS AllowAnyOrigin and AllowCredentials conflict in ASPNET CORE Web API

less than 1 minute read

When you implement an ASP.NET CORE Web API, you may want the API to support all clients from anywhere and enable credentials at the same time.

You need to make the CORS (Cross Origin Resource Sharing) configuration in your Web API.

The configuration would be like this:

But you’ll get the following error:

System.InvalidOperationException: 'The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time. 
Configure the CORS policy by listing individual origins if credentials needs to be supported.'

To resolve this, you can make the following configuration.

SUN Jiangong

SUN Jiangong

A senior .NET engineer, software craftsman. Passionate about new technologies.