PChip1976 Thanks for condensing the (very lengthy) setup steps nicely!
The sample WebApi `web.config` uses `<customHeaders>`, which, as you rightly point out, restricts the WebConsole to a single domain name. I'd like to add another way of enabling CORS that relies on neither `customHeaders` nor wildcard rewrite rules that replace the `Access-Control-Allow-Origin` header:
Install the IIS CORS module and use this as a sample `web.config`:
<?xml version="1.0" encoding="utf-8"?>
<!-- Sample web.config for the WebApi site: CORS is handled by the IIS CORS module
     (the <cors> section) rather than by <customHeaders> or rewrite rules, so more
     than one WebConsole origin can be allowed. -->
<configuration>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
      <!-- failUnlistedOrigins="true": a request whose Origin matches none of the
           entries below is answered with 403.
           With "false" the module only withholds the CORS response headers, so the
           browser refuses to hand the response to the calling script; the request
           is not rejected by the module and can still reach the application. -->
      <cors enabled="true" failUnlistedOrigins="true">
        <!-- "origin" is the scheme, host and port typed into the browser to open the
             WebConsole. It is never the address of the WebApi itself. -->
        <!-- allowCredentials="true" lets the browser attach the user's credentials to
             cross-origin calls, so every origin listed here is trusted to act as the
             signed-in user. List exact origins you control. These samples use plain
             http; outside a local test setup an https origin is the safer choice. -->
        <!-- maxAge is the number of seconds a browser may cache the preflight answer
             (7200 = two hours). -->

        <!-- WebConsole opened as http://localhost:5001 -->
        <add origin="http://localhost:5001" allowCredentials="true" maxAge="7200">
          <allowMethods>
            <add method="GET" />
            <add method="PUT" />
            <add method="POST" />
            <add method="PATCH" />
            <add method="DELETE" />
          </allowMethods>
          <!-- Accepts whatever headers the preflight asks for. To narrow this, set the
               attribute to false and list the expected headers as <add header="..." />. -->
          <allowHeaders allowAllRequestedHeaders="true" />
        </add>

        <!-- WebConsole opened as http://test-machine.test.domain:5001 -->
        <add origin="http://test-machine.test.domain:5001" allowCredentials="true" maxAge="7200">
          <allowMethods>
            <add method="GET" />
            <add method="PUT" />
            <add method="POST" />
            <add method="PATCH" />
            <add method="DELETE" />
          </allowMethods>
          <!-- Same header policy as the localhost entry above. -->
          <allowHeaders allowAllRequestedHeaders="true" />
        </add>

        <!-- Further allowed origins go here, one <add origin="..."> element each. -->
      </cors>

      <!-- Route every path and verb to the ASP.NET Core Module. -->
      <handlers>
        <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
      </handlers>

      <!-- Runs Orchestrator.WebApi.dll inside the IIS worker process; stdout logging
           is switched off. -->
      <aspNetCore processPath="dotnet"
                  arguments=".\Orchestrator.WebApi.dll"
                  stdoutLogEnabled="false"
                  stdoutLogFile=".\logs\stdout"
                  hostingModel="inprocess">
        <environmentVariables>
          <!-- NOTE(review): "Debug" is the sample's environment name; confirm the
               value intended for a production site. -->
          <environmentVariable name="ASPNETCORE_ENVIRONMENT" value="Debug" />
          <!-- A double underscore in the name stands for a configuration section
               separator, so these three populate the "Database" section. -->
          <environmentVariable name="Database__Database" value="Orchestrator" />
          <!-- Presumably integrated authentication under the application pool
               identity; verify that account's database permissions. -->
          <environmentVariable name="Database__Trusted_Connection" value="true" />
          <environmentVariable name="Database__Address" value="localhost" />
        </environmentVariables>
      </aspNetCore>
    </system.webServer>
  </location>
</configuration>
<!--ProjectGuid: 2b28e03a-bff3-4fa9-98ee-fd2db7d151d6-->
Hope this helps. We will document this CORS module option in the usage guide as well.