Angular 如何防止windows身份验证将浏览器重定向到API URL?
我们有一个Angular4前端,它使用Windows身份验证调用托管在IIS中的ASP.NET Core 2.0 Web API。第一次加载前端或以匿名方式加载前端时,它需要登录,但成功登录后不会重定向回前端。结果是这样的:Angular 如何防止windows身份验证将浏览器重定向到API URL?,angular,iis,asp.net-core,windows-authentication,Angular,Iis,Asp.net Core,Windows Authentication,我们有一个Angular4前端,它使用Windows身份验证调用托管在IIS中的ASP.NET Core 2.0 Web API。第一次加载前端或以匿名方式加载前端时,它需要登录,但成功登录后不会重定向回前端。结果是这样的: 在http://localhost:4200 登录提示弹出,API url位于http://localhost:53465 成功登录后,浏览器保持打开状态http://localhost:53465而不是重定向到http://localhost:4200 这一切都是从最
- 在
http://localhost:4200
- 登录提示弹出,API url位于
http://localhost:53465
- 成功登录后,浏览器保持打开状态
而不是重定向到http://localhost:53465
http://localhost:4200
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Angular" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="/" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
以下是一个示例API端点:
[Route("pending")]
[Authorize]
public class PendingCorrespondenceController : Controller
{
....
public async Task<IActionResult> GetPendingCorrespondence()
{
[路由(“待定”)]
[授权]
公共类挂起通信控制器:控制器
{
....
公共异步任务GetPendingEncordentials()
{
以及API的Startup.cs:
public void ConfigureServices(IServiceCollection services)
{
services.AddSingleton(Configuration);
services.AddMemoryCache();
services.AddMvc();
services.AddAuthentication(IISDefaults.AuthenticationScheme);
services.AddAuthentication("CookieAuthenticationScheme")
.AddCookie("CookieAuthenticationScheme");
services.AddCors(options =>
{
options.AddPolicy("AllowSpecificOrigin", builder =>
{
builder.WithOrigins(Configuration["CORS:AllowedOrigins"]);
builder.AllowCredentials();
builder.AllowAnyHeader();
builder.AllowAnyMethod();
});
});
services.AddSingleton<IDashboardData, CacheDashboardData>();
services.AddSingleton<ICorrespondencePermission, CorrespondencePermission>();
services.AddSingleton<IPendingCorrespondence, PendingCorrespondence.PendingCorrespondence>();
services.AddSingleton<IHoldForReview, HoldForReview.HoldForReview>();
services.AddSingleton<IActiveDirectory, ActiveDirectory>();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment()) app.UseDeveloperExceptionPage();
app.UseAuthentication();
app.UseCors("AllowSpecificOrigin");
app.UseMiddleware<PermissionsMiddleware>();
app.UseMiddleware<GlobalExceptionLogger>();
app.UseMvc().UseMvcWithDefaultRoute();
}
public void配置服务(IServiceCollection服务)
{
services.AddSingleton(配置);
services.AddMemoryCache();
services.AddMvc();
服务.AddAuthentication(IISDefaults.AuthenticationScheme);
services.AddAuthentication(“CookieAuthenticationScheme”)
.AddCookie(“Cookie认证方案”);
services.AddCors(选项=>
{
options.AddPolicy(“AllowSpecificOrigin”,builder=>
{
builder.WithOrigins(配置[“CORS:AllowedOrigins”]);
builder.AllowCredentials();
builder.AllowAnyHeader();
builder.AllowAnyMethod();
});
});
services.AddSingleton();
services.AddSingleton();
services.AddSingleton();
services.AddSingleton();
services.AddSingleton();
}
//此方法由运行时调用。请使用此方法配置HTTP请求管道。
公共无效配置(IApplicationBuilder应用程序,IHostingEnvironment环境)
{
if(env.IsDevelopment())app.UseDeveloperExceptionPage();
app.UseAuthentication();
应用程序UseCors(“AllowSpecificCorigin”);
app.UseMiddleware();
app.UseMiddleware();
app.UseMvc().UseMvcWithDefaultRoute();
}
我们已经为此苦苦挣扎了几天,但运气不佳,是否有明显的缺失?我们在AngularJS上也遇到了同样的问题,您找到了解决方案吗?不幸的是,我们没有找到解决方案,我们不得不在同一服务器/端口上结合API和UI
@Injectable()
export class NoCacheRequestOptions extends BaseRequestOptions {
constructor () {
super();
this.headers.append('Cache-Control','no-cache');
this.headers.append('Pragma', 'no-cache');
this.headers.append('Expires', 'Sat, 01 Jan 2000 00:00:00 GMT');
this.headers.append('Content-Type', 'application/json');
this.withCredentials = true;
}
}
[Route("pending")]
[Authorize]
public class PendingCorrespondenceController : Controller
{
....
public async Task<IActionResult> GetPendingCorrespondence()
{
public void ConfigureServices(IServiceCollection services)
{
services.AddSingleton(Configuration);
services.AddMemoryCache();
services.AddMvc();
services.AddAuthentication(IISDefaults.AuthenticationScheme);
services.AddAuthentication("CookieAuthenticationScheme")
.AddCookie("CookieAuthenticationScheme");
services.AddCors(options =>
{
options.AddPolicy("AllowSpecificOrigin", builder =>
{
builder.WithOrigins(Configuration["CORS:AllowedOrigins"]);
builder.AllowCredentials();
builder.AllowAnyHeader();
builder.AllowAnyMethod();
});
});
services.AddSingleton<IDashboardData, CacheDashboardData>();
services.AddSingleton<ICorrespondencePermission, CorrespondencePermission>();
services.AddSingleton<IPendingCorrespondence, PendingCorrespondence.PendingCorrespondence>();
services.AddSingleton<IHoldForReview, HoldForReview.HoldForReview>();
services.AddSingleton<IActiveDirectory, ActiveDirectory>();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment()) app.UseDeveloperExceptionPage();
app.UseAuthentication();
app.UseCors("AllowSpecificOrigin");
app.UseMiddleware<PermissionsMiddleware>();
app.UseMiddleware<GlobalExceptionLogger>();
app.UseMvc().UseMvcWithDefaultRoute();
}