WCF处理CORS&选项VERB [英] WCF handling CORS & Options VERB
问题描述
我有一个wcf服务托管在IIS上。
几乎所有的文件说,要启用cors,你应该处理OPTIONS VERB。 (飞行前请求)
I have a wcf service hosted on IIS. Almost all the documents say that to enable cors, you should handle the OPTIONS VERB. (Pre-Flight Requests)
我有一个方法,其签名为:
I have a method whose signatures are :
[OperationContract]
[FaultContract(typeof(ExceptionManager))]
[WebInvoke(Method = "POST",
RequestFormat = WebMessageFormat.Json,
ResponseFormat = WebMessageFormat.Json,
BodyStyle = WebMessageBodyStyle.WrappedRequest,
UriTemplate = "PostLog")]
string PostLog(List<LoginEntry> LoginLog);
我创建了一个属性派生自IServiceBehavior&把这个班挂到我的服务&处理BeforeSendReply方法以添加Acces控件方法为:
I have created an attribute deriving from IServiceBehavior & hooked up this Class to my service & handled BeforeSendReply method to add Acces Control methods as :
public void BeforeSendReply(ref System.ServiceModel.Channels.Message reply, object correlationState)
{
var httpHeader = reply.Properties["httpResponse"] as HttpResponseMessageProperty;
httpHeader.Headers.Add("Access-Control-Allow-Origin", "*");
httpHeader.Headers.Add("Access-Control-Request-Method", "POST,GET,PUT,DELETE,OPTIONS");
httpHeader.Headers.Add("Access-Control-Allow-Headers", "X-Requested-With,Content-Type");
}
这在我在Firefox中创建testcall时没有帮助。所以我把它从这里&在Global.asax文件中添加为
This did not help me when i created a testcall in firefox. So i took it out from here & added this in Global.asax file as
protected void Application_BeginRequest(object sender, EventArgs e)
{
HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache);
HttpContext.Current.Response.Cache.SetNoStore();
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");
if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
{
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Accept");
HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000");
HttpContext.Current.Response.End();
}
}
我可以在firefox 403中看到错误&我的标题不存在。
所以我去了&把这些标题放在IIS设置(自定义标题Tab)。 (我采取的风险,在每个响应中发送)。
现在我可以看到那些标题在firefox响应,但我仍然得到403错误。
这是响应头:
I could see in firefox 403 Error & my headers not being present. so i went ahead & put those headers in IIS settings (Custom headers Tab). (I took the risk of sending those in each response). Now i can see those headers in response in firefox, but I am still getting 403 Error. This is the response header :
HTTP/1.1 403 Forbidden
Connection: Keep-Alive
Content-Length: 1758
Date: Thu, 05 Mar 2015 14:47:25 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: Content-Type, Authorization, Accept
我还尝试在WebInvoke中改为Method =*。但仍然无法让它工作。
I also tried Changing to Method="*" in WebInvoke. but still could not get it to work.
感谢在前进..
推荐答案
所以终于得到它的工作。
这个帖子帮助了我。
So finally Got it to Work. This post helped me out.
发现问题出在IIS 6网站设置中。
Turns out that the problem was in IIS 6 Site settings.
通过以下步骤解决它:
在IIS中,选择Site - > RightClick(Properties) - >
In IIS, Select Site -> RightClick (Properties) ->
在目录标签下选择配置按钮。
Under the Directory Tab Select Configuration Button.
在映射标签下搜索扩展程序(.svc)
单击编辑。搜索标签限制动词到。
Under the Mappings Tab. Search for Extension (.svc) Click on Edit. Search for Label "Limit Verbs To".
以前的值为GET,HEAD,POST,DEBUG
Previous Value was "GET,HEAD,POST,DEBUG"
将其替换为GET,HEAD,POST,DEBUG,OPTIONS
Replaced It With "GET,HEAD,POST,DEBUG,OPTIONS"
此外,我从IIS中删除了所有这些标头配置已经在管理他们Global.asax)。
Also, I removed all those headers configs from IIS (coz I was already managing them Global.asax).
这篇关于WCF处理CORS&选项VERB的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
