I have angular , Entity Framework and MS SQL server. I need to have Backend set on MS IIS because I need to have domain authentication. Unluckily I still get problems with CORS.

When I have in my web.config file:

I get in the browser: "has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://localhost' that is not equal to the supplied origin"

When I change it to:

I get: "has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute."

Any idea what should I change?

Next changes:

Error in browser: "has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains the invalid value 'true'."

In fiddler I can see: Security Access-Control-Allow-Origin: true

It looks like the values are not being added to given headers.

Next change: I installed CORS module for IIS and the file looks like:

The answer in browser now is: "HTTP Error 404.0 - Not Found The resource you are looking for has been removed, had its name changed, or is temporarily unavailable. " Is it better now? What could be next steps?