C# 如何避免ASP.Net Core 2 WebAPI站点的域登录提示—该站点处理CORS以及Windows集成安全性
我试图建立一个DotnetCore2.1WebAPI站点,用于返回一些json数据 后端必须使用Windows身份验证(Windows集成安全)对用户进行身份验证,因为这将在内部Windows域上使用 由于请求将从客户端单页应用程序发出,因此解决方案还必须处理CORS。最后,我们还将仅在HTTPS中运行此功能 因此,客户端将向请求中设置了C# 如何避免ASP.Net Core 2 WebAPI站点的域登录提示—该站点处理CORS以及Windows集成安全性,c#,asp.net-web-api,https,.net-core,cors,C#,Asp.net Web Api,Https,.net Core,Cors,我试图建立一个DotnetCore2.1WebAPI站点,用于返回一些json数据 后端必须使用Windows身份验证(Windows集成安全)对用户进行身份验证,因为这将在内部Windows域上使用 由于请求将从客户端单页应用程序发出,因此解决方案还必须处理CORS。最后,我们还将仅在HTTPS中运行此功能 因此,客户端将向请求中设置了credentials=include的WebAPI发送一个获取请求 为了处理CORS,我将站点设置为使用匿名和Windows身份验证,因为CORS选项HTTP
credentials=include有什么想法吗?要在WebApiConfig上注册课程:
config.MessageHandlers.Add(new CorsHandler());
public class CorsHandler : DelegatingHandler
{
const string Origin = "Origin";
const string AccessControlRequestMethod = "Access-Control-Request-Method";
const string AccessControlRequestHeaders = "Access-Control-Request-Headers";
const string AccessControlAllowOrigin = "Access-Control-Allow-Origin";
const string AccessControlAllowMethods = "Access-Control-Allow-Methods";
const string AccessControlAllowHeaders = "Access-Control-Allow-Headers";
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
bool isCorsRequest = request.Headers.Contains(Origin);
bool isPreflightRequest = request.Method == HttpMethod.Options;
if (isCorsRequest)
{
if (isPreflightRequest)
{
return Task.Factory.StartNew<HttpResponseMessage>(() =>
{
HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.OK);
response.Headers.Add(AccessControlAllowOrigin, request.Headers.GetValues(Origin).First());
string accessControlRequestMethod = request.Headers.GetValues(AccessControlRequestMethod).FirstOrDefault();
if (accessControlRequestMethod != null)
{
response.Headers.Add(AccessControlAllowMethods, accessControlRequestMethod);
}
string requestedHeaders = string.Join(", ", request.Headers.GetValues(AccessControlRequestHeaders));
if (!string.IsNullOrEmpty(requestedHeaders))
{
response.Headers.Add(AccessControlAllowHeaders, requestedHeaders);
}
return response;
}, cancellationToken);
}
else
{
return base.SendAsync(request, cancellationToken).ContinueWith<HttpResponseMessage>(t =>
{
HttpResponseMessage resp = t.Result;
resp.Headers.Add(AccessControlAllowOrigin, request.Headers.GetValues(Origin).First());
return resp;
});
}
}
else
{
return base.SendAsync(request, cancellationToken);
}
}
}
公共类CorsHandler:DelegatingHandler
{
常量字符串Origin=“Origin”;
const string AccessControlRequestMethod=“访问控制请求方法”;
const string AccessControlRequestHeaders=“访问控制请求头”;
常量字符串AccessControlAllowOrigin=“访问控制允许原点”;
const string AccessControlAllowMethods=“访问控制允许方法”;
const string accesscontrolalloweaders=“访问控制允许标头”;
受保护的覆盖任务SendAsync(HttpRequestMessage请求,CancellationToken CancellationToken)
{
bool isCorsRequest=request.Headers.Contains(来源);
bool isPreflightRequest=request.Method==HttpMethod.Options;
如果(isCorsRequest)
{
如果(isPreflightRequest)
{
返回Task.Factory.StartNew(()=>
{
HttpResponseMessage response=新的HttpResponseMessage(HttpStatusCode.OK);
Add(AccessControlAllowOrigin、request.Headers.GetValues(Origin.First());
字符串accessControlRequestMethod=request.Headers.GetValues(accessControlRequestMethod.FirstOrDefault();
if(accessControlRequestMethod!=null)
{
Add(AccessControlAllowMethods,accessControlRequestMethod);
}
string requestedHeaders=string.Join(“,”,request.Headers.GetValues(AccessControlRequestHeaders));
如果(!string.IsNullOrEmpty(requestedHeaders))
{
添加(AccessControlAllowHeaders、requestedHeaders);
}
返回响应;
},取消令牌);
}
其他的
{
返回base.SendAsync(请求,取消令牌).ContinueWith(t=>
{
httpresponsemessageresp=t.结果;
resp.Headers.Add(AccessControlAllowOrigin,request.Headers.GetValues(Origin.First());
返回响应;
});
}
}
其他的
{
返回base.sendaync(请求、取消令牌);
}
}
}