在我的应用程序中,我正在使用基于令牌的身份验证和基于CORS支持的web api,但是当客户端请求令牌时,由于CORS(跨原始请求被阻止:同源原则策略)不允许读取远程资源(我的站点)名称),这可以通过将资源移动到同一个域或启用CORS来修复.)
我已经配置了CORS支持所需的一切(我认为这样).这里我的配置
欧文启动班
@H_301_6@public class Startup { public void Configuration(IAppBuilder app) { var config = new HttpConfiguration { DependencyResolver = new StructureMapWebApiDependencyResolver(container) }; WebApiConfig.Register(config); // registering web api configuration app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll); // cors for owin token pipeline app.UseWebApi(config); ConfigureOAuth(app); } public void ConfigureOAuth(IAppBuilder app) { var oAuthAuthorizationServerOptions = new OAuthAuthorizationServerOptions() { AllowInsecureHttp = true,TokenEndpointPath = new PathString("/token"),AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),Provider = new SimpleAuthorizationServerProvider() }; // Token Generation app.USEOAuthAuthorizationServer(oAuthAuthorizationServerOptions); app.USEOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()); } }和我的webapi配置
@H_301_6@public static class WebApiConfig { public static void Register(HttpConfiguration config) { config.EnableCors(); // Corse support for Web api config.MapHttpAttributeRoutes(); // attribute based urls config.Routes.MapHttpRoute( name: "DefaultApi",routeTemplate: "api/{controller}/{id}",defaults: new { id = RouteParameter.Optional } ); } }这里配置在web.config
@H_301_6@<system.webserver> <httpProtocol> <customHeaders> <!-- Adding the following custom HttpHeader will help prevent CORS from stopping the Request--> <add name="Access-Control-Allow-Origin" value="*" /> <add name="Access-Control-Allow-Methods" value="GET,POST,OPTIONS,PUT,DELETE" /> </customHeaders> </httpProtocol> </system.webserver>和我的请求标题从mozilla
@H_301_6@Accept application/json,text/plain,*/* Accept-Encoding gzip,deflate Accept-Language en-US,en;q=0.5 Content-Length 67 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Host talenterp Origin http://192.168.1.11:85 Referer http://192.168.1.11:85/ User-Agent Mozilla/5.0 (Windows NT 6.3; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0应用程序的URL是
服务器应用程序(应支持CORS)
@H_301_6@{http://talenterp}令牌终点:
@H_301_6@{http://talenterp/token}客户端应用
@H_301_6@{http://talentmvc:85}注意:我已经添加
@H_301_6@context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin",new[] { "*" });在我的AuthorizationServerProvider的GrantResourceOwnerCredentials()方法中
解决方法
确保你只有
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
配置,而不是您的Global.asax或WebApiConfig中的旧样式“config.EnableCors()”.此外:将上述语句作为第一个语句放在您的owin启动类中.是的,真的有所作为,稍后再设置也可能导致cors不起作用.
@H_301_6@public partial class Startup { public void Configuration(IAppBuilder app) { app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll); ... etc