webapi 2.0 cross origin behaviour


Problem description

I am using the default webapi ApplicationOAuthProvider code below to log in, and I add

   <add name="Access-Control-Allow-Origin" value="*" />

in the web.config, and the client is able to log in via www.testapi.com/token. Everything works fine.

But when I create a custom webapi function, it still asks me to enable access-origin control. So I do so by adding this line of code in WebapiConfig.cs

    EnableCorsAttribute cors = new EnableCorsAttribute("http://www.myweb.com:82", "*", "*");
    config.EnableCors(cors);

This time it gives an error:

'Access-Control-Allow-Origin' header contains multiple values 'http://www.myweb.com:82, *', but only one is allowed. Origin 'http://www.myweb.com:82' is therefore not allowed access.

So I remove the <add name="Access-Control-Allow-Origin" value="*" /> in the web.config and it works!

I return to the login and it is asking for <add name="Access-Control-Allow-Origin" value="*" /> to be added. But if I add this in, my webapi method can no longer be called.

If I don't add it, the client will not be able to log in.

Is there a way for both to work? Below is the response of 200 with error.

Update 1: startup.auth.cs

    public void ConfigureAuth(IAppBuilder app)
    {
        // Configure the db context and user manager to use a single instance per request
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);

        // Enable the application to use a cookie to store information for the signed in user
        // and to use a cookie to temporarily store information about a user logging in with a third party login provider
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        // Configure the application for OAuth based flow
        PublicClientId = "self";
        OAuthOptions = new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/Token"),
            Provider = new ApplicationOAuthProvider(PublicClientId),
            AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
            // In production mode set AllowInsecureHttp = false
            AllowInsecureHttp = true
        };

        // Enable the application to use bearer tokens to authenticate users
        app.UseOAuthBearerTokens(OAuthOptions);
        app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);//as instructed

webapiconfig.cs

    public static void Register(HttpConfiguration config)
    {
        // Web API configuration and services
        // Configure Web API to use only bearer token authentication.
        config.SuppressDefaultHostAuthentication();
        config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));

        // Web API routes
        config.MapHttpAttributeRoutes();

        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional }
        );
        WebApiConfig.Register(config);
        config.EnableCors(new EnableCorsAttribute("*", "*", "GET, POST, OPTIONS, PUT, DELETE"));
        //var jsonp = new JsonpMediaTypeFormatter(config.Formatters.JsonFormatter);
        //config.Formatters.Insert(0, jsonp);
    }
}

Recommended answer

OK, finally I managed to get it to work with help from "@manprit Singh Sahota".

I remove all the access policy from web.config, and also the line below in WebApiConfig

    EnableCorsAttribute cors = new EnableCorsAttribute("*", "*", "*");
    config.EnableCors(cors);

I only added this line to Startup.Auth.cs

    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);//working line
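
A narrower alternative to `CorsOptions.AllowAll`, as an added example that is not part of the original question or answer: one OWIN CORS policy limited to the origin quoted in the question, registered before the OAuth middleware as in the answer's snippet. `AllowedOrigin` and the shape of the `Startup` class are assumptions; the types come from the Microsoft.Owin.Cors and System.Web.Cors packages.

```csharp
using System.Threading.Tasks;
using System.Web.Cors;
using Microsoft.Owin.Cors;
using Owin;

public partial class Startup
{
    // Assumption: the only browser client is served from the origin quoted in the question.
    private const string AllowedOrigin = "http://www.myweb.com:82";

    public void ConfigureAuth(IAppBuilder app)
    {
        // One policy, defined in one place. No other layer (web.config customHeaders,
        // config.EnableCors) should also emit Access-Control-Allow-Origin, otherwise the
        // browser receives two values for the header and rejects the response.
        var policy = new CorsPolicy
        {
            AllowAnyHeader = true,
            AllowAnyMethod = true,
            SupportsCredentials = false // bearer tokens travel in the Authorization header
        };
        policy.Origins.Add(AllowedOrigin);

        var corsOptions = new CorsOptions
        {
            PolicyProvider = new CorsPolicyProvider
            {
                // The same policy is returned for every request, including /Token.
                PolicyResolver = request => Task.FromResult(policy)
            }
        };

        // Registered before the OAuth middleware: /Token is answered by that
        // middleware itself, so CORS has to sit in front of it in the pipeline.
        app.UseCors(corsOptions);

        // The rest of ConfigureAuth from the question (CreatePerOwinContext,
        // UseCookieAuthentication, UseOAuthBearerTokens(OAuthOptions)) follows here.
    }
}
```

With this policy a request from any other origin gets no `Access-Control-Allow-Origin` header, so the browser blocks the cross-origin read instead of the API allowing every site.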
