OWIN 上的 CORS 和访问/token 导致“Access-Control-Allow-Origin"错误 [英] CORS on OWIN and accessing /token causes 'Access-Control-Allow-Origin' error
问题描述
我在使用 owin 中间件保护我的 Web API 时遇到问题.
I am having trouble with securing my Web API using owin middle ware.
我已经安装了下面的包
Install-Package Microsoft.Owin.Cors -Version 2.1.0
下面是 ConfigureAuth.cs 代码.
And below is ConfigureAuth.cs code.
public void ConfigureAuth(IAppBuilder app)
{
//...
app.UseOAuthBearerTokens(OAuthOptions);
///Install-Package Microsoft.Owin.Cors -Version 2.1.0
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
}
我在一个链接上托管了这个 WebApi 项目,比如说,http://webaip.azurewebsites.net
I have hosted this WebApi project on a link , say ,http://webaip.azurewebsites.net
我正在尝试从另一个站点访问上述 API 的控制器方法,例如 http://mysite.azurewebsites.net有了上面的代码,我就可以调用所有不安全的 API 方法.(未用 Authorize 属性装饰)通过 javascript 我无法调用/Token 进行身份验证.下面是我的javascript代码.
I am trying to access controller methods of above API from another site, say , http://mysite.azurewebsites.net With above code in place I am able to invoke all the methods of API which are not secure. (Not decorated with Authorize attribute) Through javascript I am not able to invoke /Token for authentication. Below is my javascript code.
function LogIn() {
var loginData = {
grant_type: 'password',
username: 'username',
password: 'password',
};
$.ajax({
type: 'POST',
url: 'http://webaip.azurewebsites.net/Token/',
data: loginData
}).done(function (data) {
alert('logged in');
alert(data);
}).fail(function (data) {
alert('login problem')
}).error(function (data) {
alert('error invoking API');
});
return false;
}
我遇到了错误
XMLHttpRequest cannot load http://webaip.azurewebsites.net/Token/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://mysite.azurewebsites.net' is therefore not allowed access. The response had HTTP status code 404.
注意:我也尝试过使用下面的代码.它也不适合我.
Note: I have also tried to use below code with. It's not working for me either.
public static void Register(HttpConfiguration config)
{
var json = config.Formatters.JsonFormatter;
config.Formatters.Remove(config.Formatters.XmlFormatter);
//Need to have Microsoft.AspNet.WebApi.Cors package installed.
config.EnableCors(new EnableCorsAttribute("*","*","*"));
}
推荐答案
经过数小时的搜索和查看许多不同的解决方案后,我已经设法按照以下方式使其工作.
After many hours of searching and looking at many many different solutions to this i have managed to get this working as per the below.
发生这种情况的原因有很多.很可能您在错误的地方启用了 CORS,或者它启用了两次或根本没有启用.
There are a number of reasons this is happening. Most likely you have CORS enabled in the wrong place or it is enabled twice or not at all.
如果您使用的是 Web API 和 Owin Token 端点,那么您需要删除 Web API 方法中对 CORS 的所有引用并添加正确的 owin 方法,因为 Web api cors 不能与 Token 端点一起使用,而 Owin cors 可以使用对于 Web API 和令牌身份验证端点,让我们开始吧:
If you are using Web API and Owin Token end point then you need to remove all the references to CORS in your Web API method and add the correct owin method because web api cors will not work with Token endpoint whilst Owin cors will work for both Web API and Token auth end points so lets begin:
- 确保您已安装 Owin Cors 软件包
- 删除您拥有的任何行 eg.config.EnableCors();从您的 WebAPIconfig.cs文件
转到您的 startup.cs 文件并确保执行 OwinCors 在任何其他配置运行之前.
- Make sure you have the Owin Cors package installed
- Remove any line that you have eg.config.EnableCors(); from your WebAPIconfig.cs file
Go to your startup.cs file and make sure you execute Owin Cors before any of the other configuration runs.
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
ConfigureAuth(app);
如果您仍然遇到问题,请转到:Startup.Auth.cs 并确保您的 ConfigureAuth 方法中有以下内容(如果您的 startup.cs 文件正确,则不需要此文件)
If your still having problems go to: Startup.Auth.cs and ensure you have the following in your ConfigureAuth method (you shouldnt need this if your startup.cs file is correct)
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
这篇关于OWIN 上的 CORS 和访问/token 导致“Access-Control-Allow-Origin"错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
