SignalR跨域连接与自主和验证 [英] SignalR cross-domain connections with self-hosting and authentication

问题描述

我在网络浏览器中得到的错误是，当我尝试启用身份验证时， ：

XMLHttpRequest无法加载http：//.../signalr/negotiate？[snip] -Control-Allow-Origin

这只会发生，如果我启用身份验证在我的自托管服务器使用此答案：

  public void Configuration（IAppBuilder app）
 {
 var listener =（HttpListener）app.Properties [typeof（HttpListener）.FullName]; 
 listener.AuthenticationSchemes = AuthenticationSchemes.Ntlm; 
 
 app.MapHubs（new HubConfiguration {EnableCrossDomain = true}）; 
} 
  

如果我注释掉了 AuthenticationSchemes line then CORS works（and I've checked everything in 这些说明）。

使用Fiddler检查发生了什么，没有启用认证启用我看到必须从服务器返回的CORS标头：

访问控制允许凭证：true

访问控制-Allow-Origin：[我的服务器]

但是一旦我启用身份验证，我得到一个401响应，所有请求都有必要的 Origin 头。

已检查SignalR 源代码它看起来像标头正在设置，但大概启用了身份验证 HttpListener 正在发送初始401响应，而不必触发此代码。

所以我想我的问题是：获得 HttpListener 在认证协议的协商中包括 Access-Control-Allow-Origin >

解决方案

我认为你使用Chrome，这是非常无益地告诉你，这些头失踪，这是问题，可能只是忘记设置您的 XMLHttpRequest 的 withCredentials 属性为 true 。

如果你使用jQuery，你可以对所有的请求做到这一点：

  $。ajaxPrefilter options，originalOptions，jqXHR）{
 options.xhrFields = {withCredentials：true}; 
}）; 
  

您还需要使用 OPTIONS 请求，如在另一个答案。

I have a CORS problem when self-hosting SignalR with OWIN, which only happens when I try to enable authentication.

The error I get in my web browser is:

XMLHttpRequest cannot load http://.../signalr/negotiate?[snip] Origin ... is not allowed by Access-Control-Allow-Origin

This only happens if I enable authentication in my self-hosted server using the approach in this answer:

public void Configuration(IAppBuilder app)
{
  var listener = (HttpListener)app.Properties[typeof(HttpListener).FullName];
  listener.AuthenticationSchemes = AuthenticationSchemes.Ntlm; 

  app.MapHubs(new HubConfiguration { EnableCrossDomain = true });
} 

If I comment out the AuthenticationSchemes line then CORS works (and I've checked everything in these instructions). I get the same problem if I use other authentication schemes than NTLM.

Using Fiddler to examine what's going on, without authentication enabled I see the necessary CORS headers coming back from the server:

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: [my server]

However once I enable authentication I get a 401 response which is missing these headers. All the requests have the necessary Origin header.

Having examined the SignalR source code it looks like the headers are being set, but presumably with authentication enabled the HttpListener is sending the initial 401 response without hitting this code.

So I think my question is: How do I get the HttpListener to include an Access-Control-Allow-Origin header in its negotiation of authentication protocols?

解决方案

I presume you're using Chrome, which very unhelpfully tells you that these headers are missing and that this is the problem, when actually you have probably just forgot to set your XMLHttpRequest's withCredentials property to true.

If you're using jQuery you can do this for all requests with:

$.ajaxPrefilter(function (options, originalOptions, jqXHR) {
  options.xhrFields = { withCredentials: true };
});

You also need to do the right thing with OPTIONS requests as in the other answer.

这篇关于SignalR跨域连接与自主和验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！