C# CORS：飞行前工作，但主请求失败_C#_Angular_Asp.net Web Api_Asp.net Web Api2

C# CORS：飞行前工作，但主请求失败

c# angular asp.net-web-api

C# CORS：飞行前工作，但主请求失败,c#,angular,asp.net-web-api,asp.net-web-api2,C#,Angular,Asp.net Web Api,Asp.net Web Api2,我已经用OWIN.Cors设置了C#WebApi 2.2，如下所示： public void Configuration(IAppBuilder app) { app.UseCors(CorsOptions.AllowAll); IdentityModelEventSource.ShowPII = true; ServicePointManager.Expect100Continue = true;

我已经用OWIN.Cors设置了C#WebApi 2.2，如下所示：

public void Configuration(IAppBuilder app)
        {
            app.UseCors(CorsOptions.AllowAll);

            IdentityModelEventSource.ShowPII = true;
            ServicePointManager.Expect100Continue = true;
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
            | SecurityProtocolType.Tls11
            | SecurityProtocolType.Tls12
            | SecurityProtocolType.Ssl3;

            ConfigureAuth(app);
        }

并且在

Web.config

<handlers>
  <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
  <remove name="OPTIONSVerbHandler" />
  <remove name="TRACEVerbHandler" />
  <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>

但是Get请求失败并出现错误（请注意，WebApi控制器中的端点甚至没有命中）：

控制台日志中的错误：

访问位于的XMLHttpRequest 'https://localhost:44366/General/AppSiteSettings/dev?hostname=localhost' 源于https://localhost:4200'已被CORS策略阻止：请求的服务器上不存在“Access Control Allow Origin”标头资源

Chrome网络选项卡中出现错误

跨源资源共享错误：缺少AllowOriginHeader

检查失败的请求时。这就是我发现的：

**Response Headers:**
    access-control-expose-headers: Request-Context
    cache-control: private
    content-length: 40070
    content-type: text/html; charset=utf-8
    date: Sun, 30 May 2021 05:10:43 GMT
    request-context: appId=cid-v1:04c910be-c0d6-4c56-b923-d591b73940c1
    server: Microsoft-IIS/10.0
    x-aspnet-version: 4.0.30319
    x-powered-by: ASP.NET
    x-sourcefiles: =?UTF-8?B?RTpcRHJvcGJveFxTbWFydFRhc2tcQmFja2VuZFxTbWFydFRhc2suQ29yZVxTbWFydFRhc2suV2ViQXBpXEdlbmVyYWxcQXBwU2l0ZVNldHRpbmdzXGRldg==?=

**Request Headers:**
    :authority: localhost:44366
    :method: GET
    :path: /General/AppSiteSettings/dev
    :scheme: https
    accept: application/json, text/plain, */*
    accept-encoding: gzip, deflate, br
    accept-language: en,en-GB;q=0.9,en-US;q=0.8
    authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjY....
    cookie: _ga=GA1.1.1.....
    origin: https://localhost:4200
    referer: https://localhost:4200/
    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"
    sec-ch-ua-mobile: ?0
    sec-fetch-dest: empty
    sec-fetch-mode: cors
    sec-fetch-site: same-site
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36

我想确认我的设置是否正常工作，因此我删除了Web.config部分，现在响应也失败了，示例如下：

**Response Headers**
    access-control-allow-credentials: true
    access-control-allow-headers: authorization
    access-control-allow-origin: https://localhost:4200
    access-control-expose-headers: Request-Context
    content-length: 0
    date: Sun, 30 May 2021 05:10:41 GMT
    request-context: appId=cid-v1:04c910be-c0d6-4c56-b923-d591b73940c1
    server: Microsoft-IIS/10.0
    x-powered-by: ASP.NET
    x-sourcefiles: =?UTF-8?B?RTpcRHJvcGJveFxTbWFydFRhc2tcQmFja2VuZFxTbWFydFRhc2suQ29yZVxTbWFydFRhc2suV2ViQXBpXEdlbmVyYWxcQXBwU2l0ZVNldHRpbmdzXGRldg==?=

**Request Headers**
    :authority: localhost:44366
    :method: OPTIONS
    :path: /General/AppSiteSettings/dev
    :scheme: https
    accept: */*
    accept-encoding: gzip, deflate, br
    accept-language: en,en-GB;q=0.9,en-US;q=0.8
    access-control-request-headers: authorization
    access-control-request-method: GET
    origin: https://localhost:4200
    referer: https://localhost:4200/
    sec-fetch-dest: empty
    sec-fetch-mode: cors
    sec-fetch-site: same-site
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36

**Response Headers**
    allow: OPTIONS, TRACE, GET, HEAD, POST
    content-length: 0
    date: Sun, 30 May 2021 05:00:39 GMT
    public: OPTIONS, TRACE, GET, HEAD, POST
    server: Microsoft-IIS/10.0
    x-powered-by: ASP.NET
    x-sourcefiles: =?UTF-8?B?RTpcRHJvcGJveFxTbWFydFRhc2tcQmFja2VuZFxTbWFydFRhc2suQ29yZVxTbWFydFRhc2suV2ViQXBpXEdlbmVyYWxcQXBwU2l0ZVNldHRpbmdzXGRldg==?=
**Request Headers:**
    :authority: localhost:44366
    :method: OPTIONS
    :path: /General/AppSiteSettings/dev
    :scheme: https
    accept: */*
    accept-encoding: gzip, deflate, br
    accept-language: en,en-GB;q=0.9,en-US;q=0.8
    access-control-request-headers: authorization
    access-control-request-method: GET
    origin: https://localhost:4200
    referer: https://localhost:4200/
    sec-fetch-dest: empty
    sec-fetch-mode: cors
    sec-fetch-site: same-site
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36

作为结论，我认为CORs至少在

选项

请求方面工作得很好，但主要请求都失败了。有趣的是GET请求甚至没有到达控制器中的端点

如果您对如何解决此问题有任何想法，请务必告诉我。

get上的响应状态如何？是200还是500我猜从前端我猜，在Chrome的状态栏中显示“Cors错误”，没有状态代码。你应该在控制台的某个地方还有某种状态代码。如果下面的答案不起作用，请将控制台错误添加到问题中并添加控制台日志