B2C和Azure App Service的CORS问题 [英] CORS problem with B2C and Azure App Service
问题描述
我通过在控制器中使用AddCors和EnableCors在我的ASP.NET/Angular应用程序中启用了CORS.我的应用程序正在与AD B2C页面通信.构建后,我在控制台中遇到此错误:
I have enabled CORS in my ASP.NET/Angular application by using AddCors and EnableCors in controllers. My application is communicating with AD B2C pages. After build I have this error in the console :
通过' https://XXX.b2clogin.com/访问XMLHttpRequest(已重定向)来自' https://XXX.azurewebsites.net/User/Info ')" https://XXX.azurewebsites.net "已被CORS政策禁止:否请求中存在"Access-Control-Allow-Origin"标头资源.
Access to XMLHttpRequest at 'https://XXX.b2clogin.com/ (redirected from 'https://XXX.azurewebsites.net/User/Info') from origin 'https://XXX.azurewebsites.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Startup.cs:
Startup.cs :
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
});
控制器:
[EnableCors("CorsPolicy")]
[Authorize]
public class UserEditController : Controller
我也通过以下方式在Azure上启用了CORS: Allowed Origins-*
.
I have enabled CORS on Azure too by putting : Allowed Origins - *
.
更新:
[Route("User/Info")]
[HttpGet]
public async Task<IActionResult> LoggedInUserInfo()
{
if (User.Identity.IsAuthenticated)
{
var user = ((ClaimsIdentity)User.Identity).FindFirst(ClaimTypes.NameIdentifier).Value;
var viewmodel = await userService.GetUserByObjectId(user);
return Json(new { loggedIn = "true", user = viewmodel });
}
return Json(new { loggedIn = "false" });
}
推荐答案
您似乎正在尝试来自 https://xxx.azurewebsites.net/ 域添加到
It appears that you're attempting a cross-origin request from the https://xxx.azurewebsites.net/ domain to the https://xxx.b2clogin.com/ domain.
当前 .b2clogin.com
域不允许来自任何其他域的任何跨域请求.
Currently the .b2clogin.com
domain doesn't allow any cross-origin requests from any other domain.
这篇关于B2C和Azure App Service的CORS问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!