CORS没有在网页API正与OWIN认证 [英] CORS is not working in web api with OWIN authentication
问题描述
在我的应用我使用的Web API与CORS支持基于令牌的认证,但是当令牌客户端请求时,发生由于CORS(跨域请求阻止错误:同源策略不允许读取远程资源时(我的网站名称)。这可以通过资源移动到相同域或启用CORS是固定的。)
In my application i am using web api with token based authentication with CORS support, but when client request for the token, an error occured due to CORS (Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at (my site name) . This can be fixed by moving the resource to the same domain or enabling CORS.)
我已经配置了CORS支持所需的一切(我这么认为)。在这里我的配置
I had configured everything required for CORS support ( i think so). here my configuration
Owin启动类
public class Startup
{
public void Configuration(IAppBuilder app)
{
var config = new HttpConfiguration
{
DependencyResolver = new StructureMapWebApiDependencyResolver(container)
};
WebApiConfig.Register(config); // registering web api configuration
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll); // cors for owin token pipeline
app.UseWebApi(config);
ConfigureOAuth(app);
}
public void ConfigureOAuth(IAppBuilder app)
{
var oAuthAuthorizationServerOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = new SimpleAuthorizationServerProvider()
};
// Token Generation
app.UseOAuthAuthorizationServer(oAuthAuthorizationServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
}
和我的WebAPI配置
And my webapi configuration
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
config.EnableCors(); // Corse support for Web api
config.MapHttpAttributeRoutes(); // attribute based urls
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
}
}
在这里web.config配置
here configuration in web.config
<system.webserver>
<httpProtocol>
<customHeaders>
<!-- Adding the following custom HttpHeader will help prevent CORS from stopping the Request-->
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET, POST, OPTIONS, PUT, DELETE" />
</customHeaders>
</httpProtocol>
</system.webserver>
和Mozilla的我的请求头
and my request header from mozilla
Accept application/json, text/plain, */*
Accept-Encoding gzip, deflate
Accept-Language en-US,en;q=0.5
Content-Length 67
Content-Type application/x-www-form-urlencoded; charset=UTF-8
Host talenterp
Origin http://192.168.1.11:85
Referer http://192.168.1.11:85/
User-Agent Mozilla/5.0 (Windows NT 6.3; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
应用程序的URL是
Server应用程序(它应该支持CORS)
Server app (which should support CORS)
{http://talenterp}
令牌终点:
{http://talenterp/token}
客户端应用程序
{http://talentmvc:85}
注:我已经添加了
NB: I already added
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
在GrantResourceOwnerCredentials()我AuthorizationServerProvider的方法
in GrantResourceOwnerCredentials() method of my AuthorizationServerProvider
推荐答案
请确认您只已经有了
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
配置,和不可以还旧风格config.EnableCors()'在你的Global.asax或WebApiConfig。此外:将上面的语句作为你owin启动类第一个。是的,这真的有差别,将其设置以后还可能导致CORS到不行。
configured, and not also the old style 'config.EnableCors()' in your Global.asax or WebApiConfig. Furthermore: place the above statement as the first one in your owin Startup class. Yes that really makes a difference, setting it later can also cause cors to not work.
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
... etc
这篇关于CORS没有在网页API正与OWIN认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!