在Asp.net Web API中处理CORS预检 [英] Handling CORS Preflight in Asp.net Web API
问题描述
我的架构中有三个应用程序。
它们位于同一台服务器上,但端口号不同。
I have three applications in my architecture.
They are on the same server but having different port numbers.
A - Token Application (port 4444) - Asp.net WebApi
B - API Application (port 3333) - Asp.net WebApi
C - UI Application (port 2222) - AngularJS App.
申请流程如下:
1- UI项目从令牌应用程序获取令牌(它需要Windows身份验证)
Ex: awxrsdsaWeffs12da
1- The UI project gets the token from Token Application (It requires Windows Auth.)
Ex : awxrsdsaWeffs12da
2- UI应用程序将此标记放入自定义标头,该标头名为accessToken
2- UI application puts this token to a custom header which is named as "accessToken"
Ex:accessToken: awxrsdsaWeffs12da
Ex : accessToken : awxrsdsaWeffs12da
3- UI应用程序向API应用程序发送请求
Ex: http:myaddress:3333 / api / TheRestServiceHere
3- UI application sends a request to API Application
Ex: http:myaddress:3333/api/TheRestServiceHere
UI应用程序获得401错误。
哪个发送OPTIONS方法。 (我想预检问题)
UI application gets 401 Error. Which sends OPTIONS method. (I guess preflight issue)
在我的web api项目中,我启用了如下所示的Cors。
In my web api project I enabled Cors like this below.
public static void Register(HttpConfiguration config)
{
....
//CORS
var cors = new EnableCorsAttribute("*", "*", "*");
config.EnableCors(cors);
....
}
Config
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
//CORS
var cors = new EnableCorsAttribute("*", "*", "*");
config.EnableCors();
// Web API routes
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
var json = config.Formatters.JsonFormatter;
json.SerializerSettings.PreserveReferencesHandling = PreserveReferencesHandling.None;
json.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore;
json.SerializerSettings.Formatting = Formatting.None;
json.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
config.Formatters.Remove(config.Formatters.XmlFormatter);
}
}
所以我正在寻找一种调用API应用程序的解决方案(B)控制器
并获得200:)
So I am looking for a solution to call API application (B) controllers and get 200 :)
问候
推荐答案
我通过创建一个响应使用OPTIONS动词的请求的模块,在我正在处理的应用程序中修复了这个问题。您可能应该稍微修改它以包含应用程序请求的动词和内容类型。在我的情况下,我决定将所有内容发布为JSON(需要进行飞行前检查)。该模块如下:
I fixed this in an application I am working on by creating a module that responds to requests that are using the OPTIONS verb. You should probably modify it a bit to include the verbs and content type that the application is requesting. In my case, I decided to post everything as JSON (which requires the pre-flight check). The module is as follows:
public class OptionsModule : IHttpModule
{
public void Init(HttpApplication context)
{
context.BeginRequest += (sender, args) =>
{
var app = (HttpApplication) sender;
if (app.Request.HttpMethod == "OPTIONS")
{
app.Response.StatusCode = 200;
app.Response.AddHeader("Access-Control-Allow-Headers", "content-type");
app.Response.AddHeader("Access-Control-Allow-Origin", APISettings.ApplicationOrigin);
app.Response.AddHeader("Access-Control-Allow-Credentials", "true");
app.Response.AddHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS");
app.Response.AddHeader("Content-Type", "application/json");
app.Response.End();
}
};
}
public void Dispose()
{
}
}
然后你需要在你的web.config中注册它:
Then you need to register it in your web.config:
<system.webServer>
<modules>
<add name="HandleOptions" type="namespace.OptionsModule" />
</modules>
</system.webServer>
您可能想要做的另一件事是明确指定允许的来源。 Chrome不喜欢在那里使用通配符。
Another thing you may want to do is specify the allowed origin explicitly. Chrome doesn't like having a wildcard there.
这篇关于在Asp.net Web API中处理CORS预检的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
