CORS预检请求返回带有Windows身份验证的HTTP 401 [英] CORS preflight request returning HTTP 401 with windows authentication
问题描述
我在谷歌和Stack溢出搜索了很多,为我的问题找到了解决方案,但没有任何效果。
I searched a lot on Google and Stack overflow to find a solution for my problem, but nothing worked.
这是我的问题:
-
我使用IIS 7和一个名为WebDEV的特殊编程环境,它不允许直接操作
OPTIONSHTTP方法。因此,所有使用代码建议某种服务器端请求处理的解决方案都是不可行的。
I use IIS 7 with a special programming environment called WebDEV that does not allow direct manipulation of
OPTIONSHTTP method. So, all solutions suggesting some kind of server-side request handling using code are not feasible.
我必须使用Window身份验证并禁用匿名访问
I have to use Window authentication and disable anonymous access
我有一个页面使用CORS POST到此服务器。由于此POST应具有 Content-type:Octet-stream ,因此浏览器会发出预检。
I have a page that uses CORS to POST to this server. As this POST should have Content-type: Octet-stream, a preflight is issued by the browser.
当我启用匿名访问时,一切正常(CORS配置正确)
When I enable anonymous access, everything works fine (CORS is well configured)
当我禁用匿名访问时,服务器回复HTTP 401未经授权的响应预检请求,因为它不包含凭据信息。
When I disable anonymous access, the server replies with HTTP 401 unauthorized response to the preflight request, as it does not contain credentials information.
我试图为IIS接受一个接受这样的OPTIONS请求的模块,但它不起作用(无法正确地将模块添加到IIS中),
I tried to write a module for IIS that accepts OPTIONS requests like this, but it did not work (couldn't add the module correctly to IIS, maybe)
public class CORSModule : IHttpModule
{
public void Dispose() {
}
public void Init(HttpApplication context)
{
context.PreSendRequestHeaders += delegate
{
if (context.Request.HttpMethod == "OPTIONS")
{
var response = context.Response;
response.StatusCode = (int)HttpStatusCode.OK;
}
};
}
}
问题是:如何在不启用匿名访问或编写某些服务器端代码的情况下,使用HTTP 200响应预检请求?是否有一个简单的配置或现成的模块供IIS使用?至少,将上述模块安装到IIS 7的具体步骤是什么?
The question is: How can I make IIS respond with HTTP 200 to the preflight request without enabling anonymous access or writing some server-side code? Is there an easy configuration or a ready-made module for IIS to do so? At least, what are the detailed steps to install the above module into IIS 7?
推荐答案
以下是使用URL的解决方案重写IIS模块。它完美无缺。
Here is the solution that uses "URL Rewrite" IIS module. It works perfectly.
1-停止IIS服务(可能没有必要)
1- Stop IIS service (maybe not necessary)
2-安装web平台安装程序来自 https://www.microsoft.com/web/downloads/platform.aspx
2- Install "web platform installer" from https://www.microsoft.com/web/downloads/platform.aspx
3-转到应用程序选项卡并搜索URL重写并下载
3- Go to "Applications" tab and search for "URL Rewrite" and download it
4-安装此修补程序KB2749660(可能没有必要)
4- Install this hotfix KB2749660 (maybe not necessary)
5-打开IIS配置工具,双击URL重写
5- Open IIS configuration tool, double click "URL Rewrite"
6-添加新的空白规则
6- Add a new blankrule
7-给它任意名称
8- In 匹配网址,指定此模式:。*
8- In "Match URL", specify this pattern: .*
9-在条件中,指定此条件条目: {REQUEST_METHOD} 和此模式: ^ OPTIONS $
9- In "Conditions", specify this condition entry: {REQUEST_METHOD} and this pattern: ^OPTIONS$
10-在操作中,指定:操作类型个性化响应,州代码 200 ,原因预检,描述预检
10- In "Action", specify: action type Personalized response, state code 200, reason Preflight, description Preflight
11-启动服务器
现在,服务器应回复对预检请求的200状态代码响应,无论身份验证。
Now, the server should reply with a 200 status code response to the preflight request, regardless of the authentication.
备注:我也禁用了所有压缩,我不知道是否重要。
Remarks: I also disabled all compression, I don't know if it matters.
这篇关于CORS预检请求返回带有Windows身份验证的HTTP 401的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
