使用 Windows 身份验证的 Asp.net 核心 Web api - Cors 请求未经授权 [英] Asp.net core web api using windows authentication - Cors request unauthorised
问题描述
在我的 asp.net core web api 中,我已经按照
我看到过类似的问题并尝试了几乎所有解决方案,但选项请求仍然失败.
您可能想阅读此主题:https://github.com/aspnet/CORS/issues/60.您可以混合使用匿名和 NTLM,以便不会拒绝您的 CORS 预检(因为它们不包含 Windows 凭据).IIS 在它到达中间件之前处理 NTLM 身份验证,所以这可能是 IIS 的事情.您可能需要允许匿名 COR 预检.
In my asp.net core web api, I've configured Cors as per the article from MS documentation. The web api app is using windows authentication (Anonymous Authentication is Not enabled). Cor's policy is created and middle ware is added as below in the startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder.WithOrigins("http://localhost:4200")
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials()
);
});
services.AddMvc().AddJsonOptions(options => {
options.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore;
});
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
//Enable CORS policy
app.UseCors("CorsPolicy");
app.UseMvc();
}
Also applied the policy per controller level
[EnableCors("CorsPolicy"), Route("api/[controller]")]
public class LocationController : BaseController<Location>
{
//code
}
Options request is getting Unauthorized. The request & response looks like
I have seen similar questions and tried almost every solution but the options request is still failing.
You may want to read this thread: https://github.com/aspnet/CORS/issues/60. You can mix anonymous and NTLM so that your CORS preflights aren't denied (since they don't include windows credentials). IIS handles NTLM authentication before it even gets to the middleware so this is probably an IIS thing. You may need to allow anonymous CORs preflight checks.
这篇关于使用 Windows 身份验证的 Asp.net 核心 Web api - Cors 请求未经授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
