C# Asp.net web api oauth cors导致400个错误请求
下面是代码。当我使用邮递员“/令牌”单独请求时,它会起作用。但当我从客户端代码调用时,它会失败,请求错误400次。当我调试时,我可以看到“GrantResourceOwnerCredentials”方法没有被命中。有什么想法吗 客户端代码C# Asp.net web api oauth cors导致400个错误请求,c#,asp.net,asp.net-web-api,oauth,C#,Asp.net,Asp.net Web Api,Oauth,下面是代码。当我使用邮递员“/令牌”单独请求时,它会起作用。但当我从客户端代码调用时,它会失败,请求错误400次。当我调试时,我可以看到“GrantResourceOwnerCredentials”方法没有被命中。有什么想法吗 客户端代码 return this.$http({ url: this.config.remoteUri.account.login, method: "POST", data: { UserName
return this.$http({
url: this.config.remoteUri.account.login,
method: "POST",
data: { UserName: user.name, Password: user.password, grant_type: "password" },
headers: { 'Content-Type': 'application/x-www-form-urlencoded' }
}).success(function (data, status, headers, config) {
// $scope.persons = data; // assign $scope.persons here as promise is resolved here
}).error(function (data, status, headers, config) {
// $scope.status = status;
});
public class Startup
{
public void Configuration(IAppBuilder app)
{
ConfigureOAuth(app);
HttpConfiguration config = new HttpConfiguration();
WebApiConfig.Register(config);
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
app.UseWebApi(config);
}
public void ConfigureOAuth(IAppBuilder app)
{
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(20),
Provider = new ActiveDirectoryAuthorizationProvider()
};
// Token Generation
app.UseOAuthAuthorizationServer(OAuthServerOptions);
}
}
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
var jsonFormatter = config.Formatters.OfType<JsonMediaTypeFormatter>().First();
jsonFormatter.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
}
}
第一件事:必须在发出的请求上设置来源标题(选项+发布) 我在其他线程中看到过过滤器的这种实现,但这里是我的,它实际上为我工作-本地和生产服务器:
public override Task MatchEndpoint(OAuthMatchEndpointContext context)
{
if (context.IsTokenEndpoint && context.Request.Method == "OPTIONS")
{
if (!context.OwinContext.Response.Headers.Keys.Contains("Access-Control-Allow-Origin"))
context.OwinContext.Response.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Origin", new[] { ConfigurationManager.AppSettings["allowedOrigin"] });
if (!context.OwinContext.Response.Headers.Keys.Contains("Access-Control-Allow-Headers"))
context.OwinContext.Response.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Headers", new[] { "Accept", "Content-Type", "Authorization", "Cache-Control", "Pragma", "Origin" });
if (!context.OwinContext.Response.Headers.Keys.Contains("Access-Control-Allow-Methods"))
context.OwinContext.Response.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Methods", new[] { "GET", "POST", "PUT", "DELETE", "OPTIONS" });
context.MatchesTokenEndpoint();
context.RequestCompleted();
return Task.FromResult<object>(null);
}
return base.MatchEndpoint(context);
}
public覆盖任务匹配端点(OAuthMatchEndpointContext)
{
if(context.IsTokenEndpoint&&context.Request.Method==“选项”)
{
如果(!context.OwinContext.Response.Headers.Keys.Contains(“访问控制允许源代码”))
context.OwinContext.Response.Headers.AppendCommaSeparatedValues(“访问控制允许源代码”,新[]{ConfigurationManager.AppSettings[“allowedOrigin”]});
如果(!context.OwinContext.Response.Headers.Keys.Contains(“访问控制允许标头”))
context.OwinContext.Response.Headers.AppendCommaSeparatedValues(“访问控制允许标头”,新[]{“接受”,“内容类型”,“授权”,“缓存控制”,“Pragma”,“源代码”});
如果(!context.OwinContext.Response.Headers.Keys.Contains(“访问控制允许方法”))
context.OwinContext.Response.Headers.AppendCommaSeparatedValues(“访问控制允许方法”,new[]{“GET”、“POST”、“PUT”、“DELETE”、“OPTIONS”});
context.MatchesTokenEndpoint();
context.RequestCompleted();
返回Task.FromResult(空);
}
返回base.MatchEndpoint(上下文);
}
如果您仍然有问题,请回复更多详细信息。请注意,要在IE和Edge下工作,需要使用AppendCommaSeparatedValues。您找到问题所在了吗?我面临着同样的问题。在我做了这个修复之后,我也得到了同样的问题。有人帮忙吗?
public override Task MatchEndpoint(OAuthMatchEndpointContext context)
{
if (context.IsTokenEndpoint && context.Request.Method == "OPTIONS")
{
if (!context.OwinContext.Response.Headers.Keys.Contains("Access-Control-Allow-Origin"))
context.OwinContext.Response.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Origin", new[] { ConfigurationManager.AppSettings["allowedOrigin"] });
if (!context.OwinContext.Response.Headers.Keys.Contains("Access-Control-Allow-Headers"))
context.OwinContext.Response.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Headers", new[] { "Accept", "Content-Type", "Authorization", "Cache-Control", "Pragma", "Origin" });
if (!context.OwinContext.Response.Headers.Keys.Contains("Access-Control-Allow-Methods"))
context.OwinContext.Response.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Methods", new[] { "GET", "POST", "PUT", "DELETE", "OPTIONS" });
context.MatchesTokenEndpoint();
context.RequestCompleted();
return Task.FromResult<object>(null);
}
return base.MatchEndpoint(context);
}