C# 角度8+;Jwt+;[授权]+;dotnetcore2.1api+;Chrome post请求失败,出现cors错误
我知道这是我过去遇到的一个非常常见的问题,但我总是能够在DotNet Core Api startup.cs中启用cors来处理它,但这次发生的事情似乎有点奇怪 我的Angular 8应用程序在登录时首先执行post请求(该请求不包含httpHeader,因为还没有令牌),并且它可以工作(我之前已启用cors使其工作) 在我得到一个令牌后,我将其存储在localstorage中以备以后使用,但令我大吃一惊的是,当api控制器有[Authorize]标记并且post包含带有令牌的标头时,请求失败,出现cors错误,甚至没有命中服务器方法 vscode控制台中出现错误:C# 角度8+;Jwt+;[授权]+;dotnetcore2.1api+;Chrome post请求失败,出现cors错误,c#,angular,.net-core,jwt,token,C#,Angular,.net Core,Jwt,Token,我知道这是我过去遇到的一个非常常见的问题,但我总是能够在DotNet Core Api startup.cs中启用cors来处理它,但这次发生的事情似乎有点奇怪 我的Angular 8应用程序在登录时首先执行post请求(该请求不包含httpHeader,因为还没有令牌),并且它可以工作(我之前已启用cors使其工作) 在我得到一个令牌后,我将其存储在localstorage中以备以后使用,但令我大吃一惊的是,当api控制器有[Authorize]标记并且post包含带有令牌的标头时,请求失败,
Access to XMLHttpRequest at 'http://localhost:55909/api/manifest/add' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. [http://localhost:4200/]
this.headers = new HttpHeaders({
'Authorization': 'Bearer ' + JSON.parse(localStorage.getItem('currentUser')).token,
'Content-Type': 'application/json'
});
return this.http.post<any>(`${environment.apiUrl}/api/manifest/add`, { name, surname, seat, flight }, { headers: this.headers })
.pipe(map(result => {
return result;
}));
public void ConfigureServices(IServiceCollection services)
{
services.AddHttpContextAccessor();
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
// Add functionality to inject IOptions<T>
services.AddOptions();
// Add our Config object so it can be injected
services.Configure<AppSettings>(Configuration.GetSection("AppSettings"));
services.AddCors(o => o.AddPolicy("Cors", builder =>
{
builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowCredentials()
.AllowAnyHeader();
}));
//Add repository to scope
services.AddScoped<UserRepository>();
services.AddScoped<PassengerRepository>();
//sql connection and context (with crypted pass)
var connection = getConnectionString();
services.AddDbContext<Context>(options => options.UseSqlServer(connection));
}
public void配置服务(IServiceCollection服务)
{
AddHttpContextAccessor();
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
//添加功能以注入IOptions
services.AddOptions();
//添加我们的配置对象,以便可以注入它
services.Configure(Configuration.GetSection(“AppSettings”);
services.AddCors(o=>o.AddPolicy(“Cors”,builder=>
{
builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowCredentials()
.AllowAnyHeader();
}));
//将存储库添加到范围
services.addScope();
services.addScope();
//sql连接和上下文(带有加密的过程)
var connection=getConnectionString();
services.AddDbContext(options=>options.UseSqlServer(connection));
}
请帮忙:)经过几个小时的苦苦挣扎,我发现: 首先我忘了用
app.UseAuthentication();
[Authorize]
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
"AspNet.Security.OAuth.Validation"
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("thisisasupersecuresecretkey")),
RequireSignedTokens = false,
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = "http://localhost:55909",
ValidAudience = "http://localhost:55909"
};
});
[Authorize]
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
"AspNet.Security.OAuth.Validation"
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("thisisasupersecuresecretkey")),
RequireSignedTokens = false,
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = "http://localhost:55909",
ValidAudience = "http://localhost:55909"
};
});