Windows authentication with upload component

I have an application running in Radzen 2.57.2 which uses Active Directory authentication and the upload component. The code uses the example in the documentation at https://www.radzen.com/documentation/invoke-custom-method/#upload-files and works perfectly.

I've been asked to switch over to Windows authentication on the application, so I changed the option in Radzen and removed my login page. When running from within the Radzen environment, the application works fine, but the upload component is now not functioning. When you try to upload a file, I get the following in the console:

If I try the upload a 2nd time, I now get:

Do you have any suggestions as to why changing the security type should cause this or how to work around it?

If I put a notify event handler on the Upload event's Error branch with the detail set to ${result}, I can see this coming back in Chrome:

What does your ServerMethodsController look like? Does it have AuthorizeAttribute? Also check in the generated code that there is withCredentials: true. This should make sure that the current user credentials are submitted.

The ServerMethodsController looks like this (no AuthorizeAttribute):

The generated code does indeed have the withCredentials: true

Honestly, I don't know why there would be a connection reset error. Perhaps it needs the Authorize attribute? You can try adding it to the ServerController and see if it makes a difference. Are the other controllers (created for the database) working as expected? You can also try adding a breakpoint to the method to see if it gets hit at all. Another thing you can try is invoking a simple Sum custom method to see if it would work.

I've added the [Authorize(AuthenticationSchemes = "Bearer")] decorator to the ServerMethodsController with no difference. I've uncommented the skeleton Sum sample method in ServerMethodsController, and when I try to execute that from my Angular page, I still get the CORS error followed by an ERR_FAILED error:

Checking a few other custom methods I have, it seems that they all have the same issue when run with the application set to Windows Authentication. The error message points to a CORS issue, but I'm not sure why when I can see that the AllowAny CORS policy is defined in startup.cs. If I try to debug from the API end and put a breakpoint in the Sum method code, the breakpoint is never hit.

Try with just Authorize. Bearer isn't used in this Windows authentication.

Some browsers always display that error when an HTTP request fails, regardless of the cause.

Are the other controllers working? If they are the server methods should work too. I can't imagine a case where only custom server methods fail and the ODataControllers work as expected.

By the way what browser are you using?

I tried an Angular Radzen App with Windows Authentication and the Sum custom method seems to execute as expected. Here is the sample application (it uses the Sample Radzen MSSQL database as a datasource). NgWinAuth.zip (154.0 KB)

I tried everything I can think of, including running your sample application, yet I got the same results in all cases.

After some playing over the weekend, I found that if I ran the browser under a different account and then re-tested, everything seemed to work fine. :roll_eyes:

Having done digging into the differences between the 2 accounts, I think I've found the cause: the number of Active Directory groups that the accounts have (see "HTTP 400 error responses to HTTP requests - Internet Information Services | Microsoft Docs"). It seems that if an account is in a large number of groups (which mine is) then things start to not work as expected. When running locally within Radzen, I just get the CORS error and connection resets shown in my original post, but when published to IIS, these are replaced by a "HTTP Error 400. The size of the request headers is too long" error. This also fits with why the application works fine with Active Directory authentication but fails with Windows Security. This is obviously not an issue with Radzen, but something to bear in mind if anyone else has similar issues.
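The cause identified in the last post can be checked offline. The following is an added example, not code from the thread or from Radzen: it estimates a Kerberos token size from group counts using Microsoft's published rule of thumb, then measures the `Authorization: Negotiate` header of a request against the HTTP.sys `MaxFieldLength` and `MaxRequestBytes` limits. The 16384-byte defaults, the `/upload` path, the host name and the group counts are assumptions or constructed values.

```python
import base64

# Documented HTTP.sys defaults in bytes (both are tunable); used here as assumptions.
MAX_FIELD_LENGTH = 16384   # upper limit for a single request header
MAX_REQUEST_BYTES = 16384  # upper limit for request line plus all headers


def estimate_token_bytes(d, s):
    """Microsoft's rule of thumb for Kerberos token size: 1200 + 40d + 8s.

    d: domain local groups + universal groups outside the account domain
       + groups carried in SID history
    s: global groups + universal groups inside the account domain
    """
    return 1200 + 40 * d + 8 * s


def build_sample_request(token_len):
    """Constructed request; the token is zero bytes, not a real ticket."""
    token = base64.b64encode(b"\x00" * token_len)
    return (b"POST /upload HTTP/1.1\r\nHost: app.example.test\r\n"
            b"Authorization: Negotiate " + token + b"\r\n\r\n")


def check_request_headers(raw, max_field=MAX_FIELD_LENGTH,
                          max_request=MAX_REQUEST_BYTES):
    """Report header sizes against the limits (the full header line is measured)."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    report = {"total_bytes": len(head) + 4, "oversized_headers": [],
              "negotiate_token_bytes": None}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        value = value.strip()
        if len(line) > max_field:
            report["oversized_headers"].append(name.decode("ascii"))
        if name.lower() == b"authorization" and value[:10].lower() == b"negotiate ":
            report["negotiate_token_bytes"] = len(base64.b64decode(value[10:]))
    report["exceeds_request_limit"] = report["total_bytes"] > max_request
    return report


if __name__ == "__main__":
    # Constructed account: 250 domain local groups, 400 global groups.
    size = estimate_token_bytes(d=250, s=400)
    print(size, check_request_headers(build_sample_request(size)))
```

The constructed account yields a 14400-byte token, which is under 16384 bytes on its own but grows to 19200 characters once base64-encoded into the header, so the request is rejected before it reaches the controller.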