一切本来都很正常,但几天前我的应用程序崩溃了。我不知道为什么会这样。我收到了以下错误:
XMLHttpRequest 无法加载 http://localhost:57859/token。所请求的资源上不存在“Access-Control-Allow-Origin”标头。因此不允许来源“http://localhost:4400”访问。
所以我按照 http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api 修改了服务端:
// Web API configuration entry point. This is a fragment: the rest of Register and the
// closing braces are not shown on the page.
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
// Web API configuration and services
// EnableCors() without arguments only switches on attribute-based CORS for Web API;
// the actual policy (origins, headers, methods) comes from [EnableCors] attributes
// on controllers or actions.
// NOTE(review): this does not appear to cover the OAuth "/token" path, which Startup
// registers as OWIN middleware rather than as a Web API controller — confirm where the
// CORS headers for /token are produced.
config.EnableCors();
和控制器
// Allows any origin, any request header and any HTTP method on the decorated Web API
// controller (the controller itself is not shown on the page).
// A wildcard origin cannot serve credentialed requests: when the browser sends the call
// with credentials (withCredentials: true), it rejects a response whose
// Access-Control-Allow-Origin is "*". For such calls, list the exact origin and set
// SupportsCredentials = true on the attribute; keep "*" only for non-credentialed calls.
[EnableCors(origins: "*", headers: "*", methods: "*")]
我收到新错误
当凭证标志为 true 时,不能在“Access-Control-Allow-Origin”标头中使用通配符“*”。因此不允许来源“http://localhost:4400”访问。
如何在我的项目中禁用 CORS?这样做安全吗?我听说 Cordova 会自动禁用 CORS。
我的代码是
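// Requests an OAuth token from the authorization server (password grant) and, on success,
// stores the token in the client-side session and navigates to the bookings page.
//
// Review notes:
//  - withCredentials: true makes this a credentialed CORS request. Browsers refuse the
//    response when the server answers with Access-Control-Allow-Origin: "*"; the server has
//    to return the exact origin together with Access-Control-Allow-Credentials: true.
//    If the token endpoint does not depend on cookies, the flag can simply be dropped.
//  - The user name and password below are the hard-coded sample values from the original
//    snippet. Real code should take them from the login form and send them over HTTPS only.
//  - async: false blocks the UI thread and synchronous XHR is deprecated in browsers; it is
//    kept so that the call order seen by the surrounding code does not change.
$.ajax({
    async: false,
    type: "POST",
    crossDomain: true,
    dataType: "json",
    // Declared once: the original listed xhrFields and dataType twice, which is an error
    // in ES5 strict mode and hides which value is actually used.
    xhrFields: {
        withCredentials: true
    },
    url: "http://localhost:57859/token", // Clouda.Settings.signInUrl
    // An object lets jQuery URL-encode every value, so '&' or '=' inside a user name or
    // password cannot add or change form fields once the sample values are replaced by
    // the login/password variables.
    data: {
        grant_type: "password",
        username: "mario",  // login
        password: "gitara"  // password
    },
    success: function (data, textStatus, jqXHR) {
        // Create the session; its lifetime is set on the client from the configured timeout.
        var today = new Date();
        var expirationDate = new Date();
        expirationDate.setTime(today.getTime() + Clouda.Settings.sesstionTimeoutInMSec);

        Clouda.Session.getInstance().set({
            userProfileModel: data['token_type'],
            // The bearer token itself is kept as the session id.
            sessionId: data['access_token'],
            expirationDate: expirationDate,
            keepSignedIn: me.$chkKeepSignedIn.is(":checked")
        });

        $.mobile.navigate(me.bookingsPageId);
        return;
    },
    error: function (xhr, ajaxOptions, thrownError) {
        // Debug output only: shows the serialized XHR object and the error text to the user.
        alert(JSON.stringify(xhr));
        alert(thrownError);
    }
});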
和授权服务器
using System; using Microsoft.Owin; using Microsoft.Owin.Security.OAuth; using Owin; using Clouda.Provider; using Microsoft.AspNet.Identity; using Microsoft.AspNet.Identity.EntityFramework; using Microsoft.AspNet.Identity.Owin; using Clouda.Models; using System.Web.Http.Cors;
[assembly: OwinStartup(typeof(Clouda.Startup))]
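namespace Clouda
{
    /// <summary>
    /// OWIN startup class: registers the per-request database context and user manager,
    /// the OAuth token endpoint and bearer-token authentication.
    /// </summary>
    /// <remarks>
    /// The Web API <c>[EnableCors]</c> attribute that decorated this class was removed. Web API
    /// reads that attribute from controllers and actions only, so on the OWIN startup class it
    /// had no effect. The "/token" path is answered by the OAuth middleware registered below,
    /// not by a Web API controller, so its CORS headers must be produced at the OWIN level:
    /// either CORS middleware registered before UseOAuthAuthorizationServer, or headers set by
    /// the authorization-server provider. For requests sent with credentials the allowed origin
    /// must be named explicitly, because browsers reject "*" in that case.
    /// </remarks>
    public class Startup
    {
        /// <summary>
        /// Builds the OWIN pipeline. Middleware runs in the order it is registered here.
        /// </summary>
        /// <param name="app">The OWIN application builder supplied by the host.</param>
        public void Configuration(IAppBuilder app)
        {
            app.CreatePerOwinContext<cloudAEntities>(() => new cloudAEntities());
            app.CreatePerOwinContext<UserManager<IdentityUser>>(CreateManager);

            // Token generation
            app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
            {
                // Lets the token endpoint answer over plain HTTP. Suitable for local development
                // only: with the password grant, user credentials and the issued token would
                // travel in clear text. Set to false once the service runs behind HTTPS.
                AllowInsecureHttp = true,
                TokenEndpointPath = new PathString("/token"),
                // Long-lived bearer token: a leaked token stays usable for 60 days, and no
                // RefreshTokenProvider is configured here. A short lifetime combined with
                // refresh tokens limits that exposure.
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(60),
                Provider = new SimpleAuthorrizationServerProvider()
            });

            // Validates the bearer tokens issued by the endpoint above on incoming requests.
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
            //app.UseWebApi(WebApiConfig.Register());
        }

        /// <summary>
        /// Factory for the per-request user manager, backed by the per-request
        /// <c>cloudAEntities</c> context.
        /// </summary>
        /// <param name="options">Identity factory options; not used by this factory.</param>
        /// <param name="context">The current OWIN context, used to fetch the database context.</param>
        /// <returns>A user manager with default settings; no password policy or lockout options are customised here.</returns>
        private static UserManager<IdentityUser> CreateManager(IdentityFactoryOptions<UserManager<IdentityUser>> options, IOwinContext context)
        {
            return new UserManager<IdentityUser>(new UserStore<IdentityUser>(context.Get<cloudAEntities>()));
        }
    }
}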