Asp.net mvc CORS:RESTAPI与ASP.NET 4.5.1 MVC
我的应用程序在允许跨站点脚本编写时遇到问题。GET请求在我尝试发布我收到的帖子时工作正常:Asp.net mvc CORS:RESTAPI与ASP.NET 4.5.1 MVC,asp.net-mvc,asp.net-mvc-4,asp.net-web-api,cors,Asp.net Mvc,Asp.net Mvc 4,Asp.net Web Api,Cors,我的应用程序在允许跨站点脚本编写时遇到问题。GET请求在我尝试发布我收到的帖子时工作正常: XMLHttpRequest cannot load http://localhost:49187/api/CampaignRegistration. The request was redirected to 'http://localhost:49187/Authentication/UnAuthorized?ReturnUrl=%2Fapi%2FCampaignRegistration', whic
XMLHttpRequest cannot load http://localhost:49187/api/CampaignRegistration. The request was redirected to 'http://localhost:49187/Authentication/UnAuthorized?ReturnUrl=%2Fapi%2FCampaignRegistration', which is disallowed for cross-origin requests that require preflight.
我的飞行前请求返回200 OK(没有身份验证标头),但我的实际请求返回302 Not Found(包含身份验证标头)
我的飞行前请求如下所示:
Access-Control-Request-Headers:accept, content-type
Access-Control-Request-Method:POST
protected override bool IsAuthorized(HttpActionContext actionContext)
{
try
{
if (HttpContext.Current.Request.Headers.AllKeys.Contains("Authorization"))
{
string authHeader = HttpContext.Current.Request.Headers["Authorization"];
string cred =
Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Substring("Basic ".Length)));
string[] parts = cred.Split(':');
string userName = parts[0];
string password = parts[1];
if (userName == _configRepository.WebApiUsername && password == _configRepository.WebApiPassword)
{
return true;
}
}
return false;
}
catch (Exception ex)
{
return false;
}
}
答复是:
Access-Control-Allow-Headers:content-type
Access-Control-Allow-Origin:*
我的请求有效负载头是:
{Cache-Control: "no-cache", Authorization: "Basic XXXXX"}
我在我的WebApiConfig.cs中启用了CORS,如下所示(我将在实际工作时更改源代码:*)。我删除了web.config中与CORS相关的所有内容
var cors = new EnableCorsAttribute("*", "*", "*");
config.EnableCors(cors);
My WebApi控制器都扩展了BasicApiController,其中包括一个自定义的authenticate属性,如下所示:
Access-Control-Request-Headers:accept, content-type
Access-Control-Request-Method:POST
protected override bool IsAuthorized(HttpActionContext actionContext)
{
try
{
if (HttpContext.Current.Request.Headers.AllKeys.Contains("Authorization"))
{
string authHeader = HttpContext.Current.Request.Headers["Authorization"];
string cred =
Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Substring("Basic ".Length)));
string[] parts = cred.Split(':');
string userName = parts[0];
string password = parts[1];
if (userName == _configRepository.WebApiUsername && password == _configRepository.WebApiPassword)
{
return true;
}
}
return false;
}
catch (Exception ex)
{
return false;
}
}
我的前端是使用backbone.js制作的,但我真的认为问题不在前端。我尝试过更改web.config,但没有任何效果,从我收集的信息来看,在启用CORS之后,它不再需要任何东西。我尝试绕过选项方法的身份验证,因为我的应用程序不使用选项(飞行前请求之外),但正如预期的那样,这没有任何作用,因为即使没有身份验证标头,飞行前请求也可以。如果有人有任何想法,将不胜感激 问题似乎出在客户端。授权参数在有效负载中,而不是在标头中/脸掌