使用Windows身份验证的ASP.NET Core Web API-Cors请求未经授权 [英] Asp.net core web api using windows authentication - Cors request unauthorised
问题描述
在我的asp.net核心Web API中,我已经根据
我也看到了类似的问题,尝试了几乎所有解决方案,但选项请求仍然失败。
您可能需要阅读以下主题: https://github.com/aspnet/CORS/issues/60 。您可以混合使用匿名和NTLM,以便不会拒绝您的CORS预检(因为它们不包含Windows凭据)。 IIS在进入中间件之前就已经处理过NTLM身份验证,因此这很可能是IIS。您可能需要允许匿名COR进行飞行前检查。
In my asp.net core web api, I've configured Cors as per the article from MS documentation. The web api app is using windows authentication (Anonymous Authentication is Not enabled). Cor's policy is created and middle ware is added as below in the startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder.WithOrigins("http://localhost:4200")
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials()
);
});
services.AddMvc().AddJsonOptions(options => {
options.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore;
});
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
//Enable CORS policy
app.UseCors("CorsPolicy");
app.UseMvc();
}
Also applied the policy per controller level
[EnableCors("CorsPolicy"), Route("api/[controller]")]
public class LocationController : BaseController<Location>
{
//code
}
Options request is getting Unauthorized. The request & response looks like
I have seen similar questions and tried almost every solution but the options request is still failing.
You may want to read this thread: https://github.com/aspnet/CORS/issues/60. You can mix anonymous and NTLM so that your CORS preflights aren't denied (since they don't include windows credentials). IIS handles NTLM authentication before it even gets to the middleware so this is probably an IIS thing. You may need to allow anonymous CORs preflight checks.
这篇关于使用Windows身份验证的ASP.NET Core Web API-Cors请求未经授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!