带有WEBAPI的休息服务中的access-control-allow-origin不允许使用origin [英] Origin is not allowed by access-control-allow-origin in rest services with WEBAPI
本文介绍了带有WEBAPI的休息服务中的access-control-allow-origin不允许使用origin的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
Hello Everyone,
我们使用Web API创建了REST服务,并成功部署在我们的测试服务器上。当使用POSTER检查这些服务时(工具在Mozilla中作为插件出现并用于测试服务),我们可以获得完美的输出。但是当我们进行Jquery Ajax调用时,我们
面对错误来源 - 控制 - 允许 - 来源+休息服务不允许。为了解决这个问题,我们即将使用JSONP,但jsonP会进行CSRF或XSRF攻击。因此,我们必须找到另一种选择。
这是我以前用来称呼服务的代码。
function GetAllAssets(){
$ .ajax({
type:POST,
url:http: //xyz.com/VAMSyncServices/api/VAM/GetAllAssets,
data:{'logInInfo':{'UserName':'Admin','Password':'passwprd'},'astAssetIDInternal':' ','lastSyncDate':'','startSyncDate':''},
contentType:application / json; charset = utf-8,
dataType:json,
async:false,
成功:OnGetAllAssetsSuccess,
错误:OnGetAllAssetsError
});
}
函数OnGetAllAssetsSuccess(数据,状态){
alert(data+ data);
alert(status+ status);
}
函数OnGetAllAssetsError(请求,状态,错误){
alert(status+ status);
alert(错误);
}
我们正在使用Windows Server 2003和2008,服务器配置中有什么可以解决这个或任何其他问题替代。这是下面显示的休息服务代码的问题吗?
这是一个功能的功能代码:
[HttpPost]
public HttpResponseMessage GetAllSites(Models.LogInInfo logInInfo)
{
Models.LogWriter.WriteEventLog(UserName:+ logInInfo.UserName +password) :+ logInInfo.Password);
RESTLibrary.User用户;
try
{
BusinessObjects.SiteQuery sq = new BusinessObjects.SiteQuery(s);
BusinessObjects.VisibleSitesQuery vs = new BusinessObjects.VisibleSitesQuery(v);
BusinessObjects.UserRoleQuery urq = new BusinessObjects.UserRoleQuery(r);
//获取Vam On Demand数据库名称并设置ES对象的连接属性的代码。
Models.LogWriter.WriteEventLog(UserName:+ logInInfo.UserName +password:+ logInInfo.Password);
user = Models.Common.AuthenticateUser(logInInfo.UserName,logInInfo.Password);
if(user == null)
{
throw new Exception(User not authenticated。);
}
Int32 RoleID = user.GetUserRoleID();
sq.Select(sq.SiteCode,
sq.SiteDescription,
sq.SiteIDInternal,
sq.SiteName
).Where(sq.SiteID.In(vs .Select(vsSiteID)。Where(vsRoleID.In(urq.Select(urq.RoleID)。Where(urq.UserID == user.UserID)))));
BusinessObjects.SiteCollection sites = new BusinessObjects.SiteCollection();
< pre lang =cs> sites.Load(sq);
var siteList =来自网站中的s
选择新的Models.Site
{
SiteCode = s.SiteCode,
SiteDescription = s.SiteDescription,
SiteIDInternal =(Guid)s.SiteIDInternal,
SiteName = s.SiteName
};
HttpResponseMessage message = Request.CreateResponse(HttpStatusCode.OK,siteList.ToList());
返回消息;
}
catch(exception ex)
{
// return string.Empty;
var response = new HttpResponseMessage(HttpStatusCode.Conflict);
response.Content = new StringContent(ex.Message);
抛出新的HttpResponseException(响应);
}
}
此函数只返回在中创建的网站列表申请。
谢谢,
解决方案
.ajax({
类型:POST,
url:http://xyz.com/VAMSyncServices/api/VAM/GetAllAssets,
data:{'logInInfo':{'UserName': 'Admin','Password':'passwprd'},'astAssetIDInternal':'','lastSyncDate':'','startSyncDate':''},
contentType:application / json; charset = utf -8,
dataType:json,
async:false,
成功:OnGetAllAssetsSuccess,
错误:OnGetAllAssetsError
});
}
函数OnGetAllAssetsSuccess(数据,状态){
alert(data+ data);
alert(status+ status);
}
函数OnGetAllAssetsError(请求,状态,错误){
alert(status+ status);
alert(错误);
}
我们正在使用Windows Server 2003和2008,服务器配置中有什么可以解决这个或任何其他问题替代。这是下面显示的休息服务代码的问题吗?
这是一个功能的功能代码:
[HttpPost]
public HttpResponseMessage GetAllSites(Models.LogInInfo logInInfo)
{
Models.LogWriter.WriteEventLog(UserName:+ logInInfo.UserName +password) :+ logInInfo.Password);
RESTLibrary.User用户;
try
{
BusinessObjects.SiteQuery sq = new BusinessObjects.SiteQuery(s);
BusinessObjects.VisibleSitesQuery vs = new BusinessObjects.VisibleSitesQuery(v);
BusinessObjects.UserRoleQuery urq = new BusinessObjects.UserRoleQuery(r);
//获取Vam On Demand数据库名称并设置ES对象的连接属性的代码。
Models.LogWriter.WriteEventLog(UserName:+ logInInfo.UserName +password:+ logInInfo.Password);
user = Models.Common.AuthenticateUser(logInInfo.UserName,logInInfo.Password);
if(user == null)
{
throw new Exception(User not authenticated。);
}
Int32 RoleID = user.GetUserRoleID();
sq.Select(sq.SiteCode,
sq.SiteDescription,
sq.SiteIDInternal,
sq.SiteName
).Where(sq.SiteID.In(vs .Select(vsSiteID)。Where(vsRoleID.In(urq.Select(urq.RoleID)。Where(urq.UserID == user.UserID)))));
BusinessObjects.SiteCollection sites = new BusinessObjects.SiteCollection();
< pre lang =cs> sites.Load(sq);
var siteList =来自网站中的s
选择新的Models.Site
{
SiteCode = s.SiteCode,
SiteDescription = s.SiteDescription,
SiteIDInternal =(Guid)s.SiteIDInternal,
SiteName = s.SiteName
};
HttpResponseMessage message = Request.CreateResponse(HttpStatusCode.OK,siteList.ToList());
返回消息;
}
catch(exception ex)
{
// return string.Empty;
var response = new HttpResponseMessage(HttpStatusCode.Conflict);
response.Content = new StringContent(ex.Message);
抛出新的HttpResponseException(响应);
}
}
此函数只返回在中创建的网站列表申请。
谢谢,
我能够使用以下链接来解决这个问题问题。
http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api [ ^ ]
Hello Everyone,
We have created REST services using web API and successfully deployed on our Testing Servers. When check those services using POSTER (tool comes as addon in Mozilla and used for testing services), we get perfect output. But when we do Jquery Ajax call, we
face error of " Origin is not allowed by access-control-allow-origin + rest services ". To solve this problem we were about to use JSONP but jsonP does CSRF or XSRF attacks. Because of which we have to find another alternative.
Here is my code which i used to call Service.
function GetAllAssets() {
$.ajax({
type: "POST",
url: "http://xyz.com/VAMSyncServices/api/VAM/GetAllAssets",
data:"{'logInInfo':{'UserName':'Admin','Password':'passwprd'},'astAssetIDInternal':'','lastSyncDate':'','startSyncDate':''}",
contentType: "application/json; charset=utf-8",
dataType: "json",
async: false,
success: OnGetAllAssetsSuccess,
error: OnGetAllAssetsError
});
}
function OnGetAllAssetsSuccess(data, status) {
alert("data"+data);
alert("status "+status);
}
function OnGetAllAssetsError(request, status, error) {
alert("status "+ status);
alert(error);
}
We are using Windows server 2003 and 2008, Is there anything in server configuration which can solve this or any other alternative. Is that a problem of Rest Service Code shown below?
Here is a function code of one function:
[HttpPost]
public HttpResponseMessage GetAllSites(Models.LogInInfo logInInfo)
{
Models.LogWriter.WriteEventLog("UserName:" + logInInfo.UserName + "password:" + logInInfo.Password);
RESTLibrary.User user;
try
{
BusinessObjects.SiteQuery sq = new BusinessObjects.SiteQuery("s");
BusinessObjects.VisibleSitesQuery vs = new BusinessObjects.VisibleSitesQuery("v");
BusinessObjects.UserRoleQuery urq = new BusinessObjects.UserRoleQuery("r");
// code to get the Vam On Demand Database name and set the connection property of the ES objects.
Models.LogWriter.WriteEventLog("UserName:" + logInInfo.UserName + "password:" + logInInfo.Password);
user = Models.Common.AuthenticateUser(logInInfo.UserName, logInInfo.Password);
if (user == null)
{
throw new Exception("User is not authenticated.");
}
Int32 RoleID = user.GetUserRoleID();
sq.Select(sq.SiteCode,
sq.SiteDescription,
sq.SiteIDInternal,
sq.SiteName
).Where(sq.SiteID.In(vs.Select(vs.SiteID).Where(vs.RoleID.In(urq.Select(urq.RoleID).Where(urq.UserID == user.UserID)))));
BusinessObjects.SiteCollection sites = new BusinessObjects.SiteCollection();
<pre lang="cs">sites.Load(sq);
var siteList = from s in sites
select new Models.Site
{
SiteCode = s.SiteCode,
SiteDescription = s.SiteDescription,
SiteIDInternal = (Guid)s.SiteIDInternal,
SiteName = s.SiteName
};
HttpResponseMessage message = Request.CreateResponse(HttpStatusCode.OK, siteList.ToList());
return message;
}
catch (Exception ex)
{
// return string.Empty;
var response = new HttpResponseMessage(HttpStatusCode.Conflict);
response.Content = new StringContent(ex.Message);
throw new HttpResponseException(response);
}
}
This function just returns list of Sites created in application.
Thanks,
解决方案
.ajax({ type: "POST", url: "http://xyz.com/VAMSyncServices/api/VAM/GetAllAssets", data:"{'logInInfo':{'UserName':'Admin','Password':'passwprd'},'astAssetIDInternal':'','lastSyncDate':'','startSyncDate':''}", contentType: "application/json; charset=utf-8", dataType: "json", async: false, success: OnGetAllAssetsSuccess, error: OnGetAllAssetsError }); } function OnGetAllAssetsSuccess(data, status) { alert("data"+data); alert("status "+status); } function OnGetAllAssetsError(request, status, error) { alert("status "+ status); alert(error); }
We are using Windows server 2003 and 2008, Is there anything in server configuration which can solve this or any other alternative. Is that a problem of Rest Service Code shown below?
Here is a function code of one function:
[HttpPost] public HttpResponseMessage GetAllSites(Models.LogInInfo logInInfo) { Models.LogWriter.WriteEventLog("UserName:" + logInInfo.UserName + "password:" + logInInfo.Password); RESTLibrary.User user; try { BusinessObjects.SiteQuery sq = new BusinessObjects.SiteQuery("s"); BusinessObjects.VisibleSitesQuery vs = new BusinessObjects.VisibleSitesQuery("v"); BusinessObjects.UserRoleQuery urq = new BusinessObjects.UserRoleQuery("r"); // code to get the Vam On Demand Database name and set the connection property of the ES objects. Models.LogWriter.WriteEventLog("UserName:" + logInInfo.UserName + "password:" + logInInfo.Password); user = Models.Common.AuthenticateUser(logInInfo.UserName, logInInfo.Password); if (user == null) { throw new Exception("User is not authenticated."); } Int32 RoleID = user.GetUserRoleID(); sq.Select(sq.SiteCode, sq.SiteDescription, sq.SiteIDInternal, sq.SiteName ).Where(sq.SiteID.In(vs.Select(vs.SiteID).Where(vs.RoleID.In(urq.Select(urq.RoleID).Where(urq.UserID == user.UserID))))); BusinessObjects.SiteCollection sites = new BusinessObjects.SiteCollection(); <pre lang="cs">sites.Load(sq); var siteList = from s in sites select new Models.Site { SiteCode = s.SiteCode, SiteDescription = s.SiteDescription, SiteIDInternal = (Guid)s.SiteIDInternal, SiteName = s.SiteName }; HttpResponseMessage message = Request.CreateResponse(HttpStatusCode.OK, siteList.ToList()); return message; } catch (Exception ex) { // return string.Empty; var response = new HttpResponseMessage(HttpStatusCode.Conflict); response.Content = new StringContent(ex.Message); throw new HttpResponseException(response); } }
This function just returns list of Sites created in application.
Thanks,
I was able to use the following link to resolve this issue.
http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api[^]
这篇关于带有WEBAPI的休息服务中的access-control-allow-origin不允许使用origin的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
