Blazor, authentication cookies, Ajax requests - how to authorize

[clinically-au]

I am trying to integrate the Syncfusion Blazor WASM PdfViewer control.

I have it working now, but having a problem implementing authorisation.

The Syncfusion control requires a server-side controller to do the PDF processing.

One of the parameters to the SfPdfViewer control is the URL to the server-side controller.

The problem I have is that if I add the [Authorize] attribute to the server-side controller, it won't work because the authentication data from the cookie is not sent with the Ajax requests used by SfPdfViewerController.

You can, however, set the headers as per this link.

To test things out, I've tried adding the cookie names and values to the headers, but it still doesn't work.

Any thoughts or pointers to how I can get around this?

[clinically-au]

Found it. Answer here in case someone else needs it.

ABP already appropriately sets CORS policy, so ignore that bit of the Syncfusion docs.
In the AjaxHeaderSettings, set withCredentials to true:

<SfPdfViewer .....>
    <PdfViewerAjaxRequestSettings WithCredentials="true" .....></PdfViewerAjaxRequestSettings> 
</SfPdfViewer>