Need to pass windows credentials cross domain to API

Try setting the withCredentials property to true when making the AJAX request to ensure that the client will send its credentials:

$http.get(url, { withCredentials: true, ...})

Basically what this flag will do is to set the withCredentials property on the underlying XMLHttpRequest native object.

Also you might need to include the Authorization header on the server to the Access-Control-Allow-Headers response.

My project is an Angular2-rc4 app calling a .NET Core 1.0.0 WebAPI cross domain. Adding to this answer in case it may help others.

I also posted this on this thread.

As mentioned by others, pass withCredentials true:

getUser() {    return this.http.get(this._apiUrl + "/account/GetUser", { withCredentials: true })        .toPromise()        .then(response => response.json().data)        .catch(this.handleError);}

In your WebAPI project you can set CORS policies in Startup.cs (instead of web.config):

public void ConfigureServices(IServiceCollection services){    var corsBuilder = new CorsPolicyBuilder();    corsBuilder.AllowAnyHeader();    corsBuilder.AllowAnyMethod();    corsBuilder.AllowAnyOrigin();    corsBuilder.AllowCredentials();    services.AddCors(options =>    {        options.AddPolicy("AllowAll", corsBuilder.Build());    });}public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory){    app.UseCors("AllowAll");}

Of course, set your policies based on your app's needs, this just allows all for testing. Example here and official .NET Core docs here provide more details.