WebAPI - Attribute Routing POST not working with WebAPI Cors?

Question

I have the following controller which should accept username and password as payload in a POST. If I change it to HttpGet it works.

[RoutePrefix("api")]
public class AccountController : ApiController
{
    [HttpPost("login/{username}/{password}")]
    [AcceptVerbs("POST")]
    public Login Login(string username, string password)
    {
        Login login = new Login();
        if (username == "user" && password == "pw") login.Success = true;
        else login.Success = false;
        return login;
    }
}

The OPTIONS request can pass through but POST fails.

OPTIONS header:

OPTIONS response:

POST header:

POST response:

Any idea what I'm doing wrong?

Answer 1

You have defined your route with [HttpPost("login/{username}/{password}")] but you don't send the usename and password in the url but in the request body so your route doesn't match so you get the 404.

So you need to change your route to [HttpPost("login")]

In itself it won't work because with Web.API you cannot have multiple action arguments coming from the request body so you need a complex type:

public class LoginInfo {
    public string username { get; set; }
    public string password { get; set; }
}

So for fixed action should look like this:

[HttpPost("login")]
[AcceptVerbs("POST")]
public Login Login(LoginInfo loginInfo)
{
    Login login = new Login();

    if (loginInfo.username == "user" && loginInfo.password == "pw") {
        login.Success = true;
    } else {
        login.Success = false;
    }

    return login;
}