Asp.net Angular 8在使用ASP NET Core 3.1 Web Api时出现CORS策略问题
我在开发Angular 8、ASP NET核心Web Api Web应用程序时遇到了CORS策略问题。我的angular应用程序正在运行http://localhost:4200 有一个服务是为与Web Api通信而创建的。情况如下Asp.net Angular 8在使用ASP NET Core 3.1 Web Api时出现CORS策略问题,asp.net,angular,asp.net-core,cors,Asp.net,Angular,Asp.net Core,Cors,我在开发Angular 8、ASP NET核心Web Api Web应用程序时遇到了CORS策略问题。我的angular应用程序正在运行http://localhost:4200 有一个服务是为与Web Api通信而创建的。情况如下 @Injectable({ providedIn: 'root' }) export class AuthenticationService { apiUrl: string = ""; constructor(private
@Injectable({
providedIn: 'root'
})
export class AuthenticationService {
apiUrl: string = "";
constructor(private http: HttpClient) {
this.apiUrl = 'https://localhost:44316';
}
login(Username: any, Password: any){
return this.http.post<Observable<ResultItem<AuthenticationResponse>>>(this.apiUrl + "/api/User/Authenticate", {Username: Username, Password: Password});
}
}
public class Startup
{
private IServiceCollection _services;
public Startup(IConfiguration configuration, IWebHostEnvironment environment)
{
Configuration = configuration;
Environment = environment;
SportFacilityUnitSettings = configuration.Get<SportFacilityUnitSettings>();
}
public IConfiguration Configuration { get; }
public IWebHostEnvironment Environment { get; }
public SportFacilityUnitSettings SportFacilityUnitSettings { get; }
public void ConfigureServices(IServiceCollection services)
{
services.AddCors();
services.AddMvc(option => option.EnableEndpointRouting = false);
services.AddSubstructure(Configuration, Environment, SportFacilityUnitSettings);
services.AddApplication();
services.AddScoped<IPasswordHasher<User>, PasswordHasher<User>>();
var appSettingsSection = Configuration.GetSection("AppSettings");
services.Configure<AppSettings>(appSettingsSection);
var appSettings = appSettingsSection.Get<AppSettings>();
var key = Encoding.ASCII.GetBytes(appSettings.Secret);
services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(x =>
{
x.RequireHttpsMetadata = false;
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false
};
});
services.AddControllers().AddNewtonsoftJson(options =>
options.SerializerSettings.ReferenceLoopHandling = Newtonsoft.Json.ReferenceLoopHandling.Ignore
);
services.Configure<AppSettings>(Configuration.GetSection("AppSettings"));
services.AddHttpContextAccessor();
_services = services;
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseCors(
options => options.SetIsOriginAllowed(x => _ = true).AllowAnyMethod().AllowAnyHeader().AllowCredentials()
);
app.UseMvc();
app.UseHsts();
app.UseMiddleware<JwtMiddleware>();
app.UseAuthentication();
app.UseRouting();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
}
Web Api在上单独运行https://localhost:44316/
从角度调用的方法的终点如下所示:
[ApiController]
[Route("api/[controller]")]
public class UserController : ControllerBase
{
private readonly IUserService userService;
public UserController(IUserService userService)
{
this.userService = userService;
}
[HttpPost("Authenticate")]
public async Task<IActionResult> Authenticate(AuthenticationModel model)
{
return Ok(await userService.Login(model));
}
}
[ApiController]
[路由(“api/[控制器]”)]
公共类UserController:ControllerBase
{
专用只读IUserService用户服务;
公共用户控制器(IUserService用户服务)
{
this.userService=userService;
}
[HttpPost(“验证”)]
公共异步任务身份验证(AuthenticationModel)
{
返回Ok(等待userService.Login(model));
}
}
我最关心的是我的启动文件。到目前为止,我试图改变那里的CORS设置,但没有成功的结果。Startup.cs文件的代码如下所示
简要说明:
ConfigureServices方法中的两行代码使用了我的一些外部函数,其目的是:
- AddSubstracture:将所有存储库注册为瞬态,并注册DbContext
- AddApplication:将存储库上一层的服务注册为瞬态
@Injectable({
providedIn: 'root'
})
export class AuthenticationService {
apiUrl: string = "";
constructor(private http: HttpClient) {
this.apiUrl = 'https://localhost:44316';
}
login(Username: any, Password: any){
return this.http.post<Observable<ResultItem<AuthenticationResponse>>>(this.apiUrl + "/api/User/Authenticate", {Username: Username, Password: Password});
}
}
public class Startup
{
private IServiceCollection _services;
public Startup(IConfiguration configuration, IWebHostEnvironment environment)
{
Configuration = configuration;
Environment = environment;
SportFacilityUnitSettings = configuration.Get<SportFacilityUnitSettings>();
}
public IConfiguration Configuration { get; }
public IWebHostEnvironment Environment { get; }
public SportFacilityUnitSettings SportFacilityUnitSettings { get; }
public void ConfigureServices(IServiceCollection services)
{
services.AddCors();
services.AddMvc(option => option.EnableEndpointRouting = false);
services.AddSubstructure(Configuration, Environment, SportFacilityUnitSettings);
services.AddApplication();
services.AddScoped<IPasswordHasher<User>, PasswordHasher<User>>();
var appSettingsSection = Configuration.GetSection("AppSettings");
services.Configure<AppSettings>(appSettingsSection);
var appSettings = appSettingsSection.Get<AppSettings>();
var key = Encoding.ASCII.GetBytes(appSettings.Secret);
services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(x =>
{
x.RequireHttpsMetadata = false;
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false
};
});
services.AddControllers().AddNewtonsoftJson(options =>
options.SerializerSettings.ReferenceLoopHandling = Newtonsoft.Json.ReferenceLoopHandling.Ignore
);
services.Configure<AppSettings>(Configuration.GetSection("AppSettings"));
services.AddHttpContextAccessor();
_services = services;
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseCors(
options => options.SetIsOriginAllowed(x => _ = true).AllowAnyMethod().AllowAnyHeader().AllowCredentials()
);
app.UseMvc();
app.UseHsts();
app.UseMiddleware<JwtMiddleware>();
app.UseAuthentication();
app.UseRouting();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
}
公共类启动
{
私人IServiceCollection服务;
公共启动(IConfiguration配置、IWebHostEnvironment环境)
{
配置=配置;
环境=环境;
SportFacilityUnitSettings=配置。获取();
}
公共IConfiguration配置{get;}
公共IWebHostEnvironment环境{get;}
公共体育设施设施设施设置体育设施设施设施设施设置{get;}
public void配置服务(IServiceCollection服务)
{
services.AddCors();
services.AddMvc(option=>option.EnableEndpointRouting=false);
服务。添加下部结构(配置、环境、运动设施及其设置);
services.AddApplication();
services.addScope();
var appsetingssection=Configuration.GetSection(“AppSettings”);
services.Configure(应用设置部分);
var appSettings=appSettingsSection.Get();
var key=Encoding.ASCII.GetBytes(appSettings.Secret);
services.AddAuthentication(x=>
{
x、 DefaultAuthenticateScheme=JwtBearerDefaults.AuthenticationScheme;
x、 DefaultChallengeScheme=JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(x=>
{
x、 RequireHttpsMetadata=false;
x、 SaveToken=true;
x、 TokenValidationParameters=新的TokenValidationParameters
{
ValidateSuersigningKey=true,
IssuerSigningKey=新对称性安全密钥(密钥),
validateisuer=false,
ValidateAudience=false
};
});
services.AddControllers().AddNewtonsoftJson(选项=>
options.SerializerSettings.ReferenceLoopHandling=Newtonsoft.Json.ReferenceLoopHandling.Ignore
);
services.Configure(Configuration.GetSection(“AppSettings”);
AddHttpContextAccessor();
_服务=服务;
}
public void配置(IApplicationBuilder应用程序、IWebHostEnvironment环境)
{
app.UseCors(
options=>options.SetIsOriginAllowed(x=>=true).AllowAnyMethod().AllowAnyHeader().AllowCredentials()
);
app.UseMvc();
app.UseHsts();
app.UseMiddleware();
app.UseAuthentication();
app.UseRouting();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseAuthorization();
app.UseEndpoints(端点=>
{
endpoints.MapControllers();
});
}
}
当我点击用于发送请求的登录按钮时,我在web浏览器控制台中收到以下错误
访问位于“”的XMLHttpRequesthttps://localhost:44316/api/User/Authenticate“起源”http://localhost:4200'已被CORS策略阻止:请求的资源上不存在'Access Control Allow Origin'标头
最奇怪的是,当我调试它,并在Api层设置一个断点时,调试器点击它,然后它进入服务层并在身份验证方法中的某个地方失败。转到承载应用程序的IIS,检查是否正确设置了以下信息 #步骤1:IIS-->HTTP响应头] #步骤2::在IIS下托管的API应用程序中设置4个字段 #步骤3:如果上述两个步骤不起作用,请确保按照msdn信息为应用程序启用cors 步骤4::调查您在web API中使用的标题信息,以及IIS设置是否允许(如步骤1所述) 步骤5::在身份验证方法中放置一个断点,查看其失败的位置和原因。您也可以从该错误信息中获得更多线索 步骤6:尝试从前端启用CrossDomain
步骤7:尝试为应用程序(调用的应用程序和被调用的应用程序)启用https转到承载应用程序的IIS,检查是否正确设置了以下信息 #步骤1:IIS-->HTTP响应头] #步骤2::在IIS下托管的API应用程序中设置4个字段 #步骤3:如果上述两个步骤不起作用,请确保按照msdn信息为应用程序启用cors St