.NET框架4.0 - 在CORS的WebAPI实施 [英] CORS implementation in WEBAPI - .net framework 4.0

问题描述

我有点新的的WebAPI，我想在网页API实现CORS（跨源资源共享）。我指的是这个微软链接。他们利用安装的NuGet包

I am bit new to webAPi and I want to implement CORS (Cross Origin Resource Sharing) on Web API. I am referring to this Microsoft link. They install a Nuget package using

PM> Install-Package Microsoft.AspNet.Cors -Version 5.0.0-rc1 -Pre

不过，我使用的.NET Framework 4.0，这是行不通的。后来我用这个命令的NuGet：

However, I am using .NET Framework 4.0 and it is not working. Afterwards I used this Nuget command:

Install-Package Microsoft.AspNet.WebApi -Version 4.0.20710

但它不包含CORS类。所以，做我们必须实现CORS任何其他不同的方式？

But it does not contain the CORS class. So, do we have any other different way to implement CORS?

推荐答案

我用下面为我工作正常（以为不能确定4.0客户端配置文件位）：

I use the following and works fine for me (thought not sure about the "4.0 client profile" bit) :

public class CorsHandler : DelegatingHandler
{
    private const string Origin = "Origin";
    private const string AccessControlRequestMethod = "Access-Control-Request-Method";
    private const string AccessControlRequestHeaders = "Access-Control-Request-Headers";
    private const string AccessControlAllowOrigin = "Access-Control-Allow-Origin";
    private const string AccessControlAllowMethods = "Access-Control-Allow-Methods";
    private const string AccessControlAllowHeaders = "Access-Control-Allow-Headers";

protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    bool isCorsRequest = request.Headers.Contains(Origin);
    bool isPreflightRequest = request.Method == HttpMethod.Options;
    if (isCorsRequest)
        {
            if (isPreflightRequest)
            {
                var response = new HttpResponseMessage(HttpStatusCode.OK);
                response.Headers.Add(AccessControlAllowOrigin, request.Headers.GetValues(Origin).First());

                string accessControlRequestMethod = request.Headers.GetValues(AccessControlRequestMethod).FirstOrDefault();
                if (accessControlRequestMethod != null)
                {
                    response.Headers.Add(AccessControlAllowMethods, accessControlRequestMethod);
                }

                string requestedHeaders = string.Join(", ", request.Headers.GetValues(AccessControlRequestHeaders));
                if (!string.IsNullOrEmpty(requestedHeaders))
                {
                    response.Headers.Add(AccessControlAllowHeaders, requestedHeaders);
                }

                var tcs = new TaskCompletionSource<HttpResponseMessage>();
                tcs.SetResult(response);
                return tcs.Task;
            }

            return base.SendAsync(request, cancellationToken).ContinueWith(t =>
            {
                HttpResponseMessage resp = t.Result;
                resp.Headers.Add(AccessControlAllowOrigin, request.Headers.GetValues(Origin).First());
                     return resp;
                });
            }
            return base.SendAsync(request, cancellationToken);
        }
    }

记住你的应用程序开始进行注册（我在G​​lobal.asax中）

Remember to register it in you app start (mine in global.asax)

GlobalConfiguration.Configuration.MessageHandlers.Add(new CorsHandler());

这篇关于.NET框架4.0 - 在CORS的WebAPI实施的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！