与ASP.NET Web Api 2.0一起使用时,Microsoft.Owin.Cors中间件会做什么? [英] What does Microsoft.Owin.Cors middleware do when used with ASP.NET Web Api 2.0?
问题描述
我有一个带有令牌身份验证的ASP.NET Web Api 2.0项目,主要按照本文进行操作:
在我的令牌提供商端点响应上启用Cors. 那么,这个Microsoft.Owin.Cors中间件到底有什么用?因为我到处都读到有关Web Api 2.0和Cors的这一行代码 出现: 感谢您关注我的教程. 此LOC 但是对于Authz服务器和端点 希望这能回答您的问题. I have an ASP.NET Web Api 2.0 project with token authentication and everything done mainly following this article: Token Based Authentication using ASP.NET Web API 2, Owin, and Identity, Bit Of Technology But I am struggling to understand what exactly this line of code in my Startup.cs does: This does not make the Web Api add the Access-Control-Allow-Origin header to my API responses, in other words it does not enable Cors in my Web Api (still trying to understand how to do this by the way). It does not even add it to my bearer token authentication server response. I have to have this code to my OAuthAuthorizationServerProvider: to enable Cors on my token provider end point responses. So what is the use of this Microsoft.Owin.Cors middleware anyway? Because everywhere I read about Web Api 2.0 and Cors this line of code comes up: thanks for following my tutorial. This LOC But for the Authz server and end point Hope this answers your question. 这篇关于与ASP.NET Web Api 2.0一起使用时,Microsoft.Owin.Cors中间件会做什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);用于为API本身启用任何CORS(任何从ApiController继承的控制器). /token而言,这没有任何影响,这就是为什么我必须添加context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });的原因.该端点不是API的一部分,并且不继承自ApiController类. /p>
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll); is used to enable CORS for the API itself (Any controller inheriting from ApiController). /token this make no affect that is why I've to add context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" }); This end point is not part from the API and doesn't inherit from ApiController class.
