[DisableCors] 不起作用（ASP.NET Web API）

时间:2017-03-02 08:21:55

标签: c# jquery ajax asp.net-web-api cors

我有以下 WebApi C# 控制器

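/// <summary>
/// Account endpoints of the BugMe Web API: username/email availability checks, registration and login.
/// Cross-origin calls are allowed at controller level only from http://pincopalli.com.
/// <see cref="Register"/> and <see cref="Login"/> carry [DisableCors], which means NO CORS response
/// headers are emitted for them at all, so a browser blocks every cross-origin call to those two
/// actions — the attribute does not relax the policy, it removes the allowance.
/// </summary>
[RoutePrefix("api/users")]
[EnableCors(origins: "http://pincopalli.com", headers: "*", methods: "*")]
public class UserController : ApiController
{
  // Returned for unexpected exceptions instead of ex.Message: the raw message of a database or
  // mail failure can expose connection details, table names or internal paths to the caller.
  private const string GenericErrorMessage = "Si è verificato un errore. Riprovare più tardi.";

  /// <summary>
  /// Returns true when no user row has exactly this name, false when one exists.
  /// Any exception (e.g. database unreachable) also yields false: the name is reported as taken,
  /// which fails closed for a registration form.
  /// NOTE(review): this is by design an account-enumeration endpoint; it should be rate-limited.
  /// </summary>
  /// <param name="_username">Name to look up; compared with SQL equality (collation-dependent case sensitivity).</param>
  [Route("checkusername/{_username}")]
  [HttpGet]
  public bool CheckUsername(string _username)
  {
    try
    {
      using (BugMeEntities database = new BugMeEntities())
      {
        database.Database.Connection.Open();

        // Existence is all that is needed; Any() avoids materialising a row.
        return !database.users.Any(x => x.name.Equals(_username));
      }
    }
    catch (Exception)
    {
      return false;
    }
  }

  /// <summary>
  /// Returns true when no user row has exactly this email address, false when one exists or
  /// when the lookup throws (fail closed, same as <see cref="CheckUsername"/>).
  /// NOTE(review): reveals whether an address is registered; rate-limit it.
  /// </summary>
  /// <param name="_email">Address to look up; compared with SQL equality.</param>
  [Route("checkemail/{_email}")]
  [HttpGet]
  public bool CheckEmail(string _email)
  {
    try
    {
      using (BugMeEntities database = new BugMeEntities())
      {
        database.Database.Connection.Open();

        return !database.users.Any(x => x.email.Equals(_email));
      }
    }
    catch (Exception)
    {
      return false;
    }
  }

  /// <summary>
  /// Creates a new account: validates that every field of the form is present, checks that the
  /// username and the email are free, mails a generated initial password to the address and only
  /// then persists the user.
  /// </summary>
  /// <param name="_user">Registration form (username, email) bound from the JSON body; may be null.</param>
  /// <returns>
  /// status=true with a confirmation message on success; status=false with a user-facing message
  /// when validation fails, the name/email is taken, the mail could not be sent, or an unexpected
  /// error occurred (the latter is reported with a generic text, never the exception message).
  /// </returns>
  [DisableCors]
  [Route("register")]
  [HttpPost]
  public User.Response Register([FromBody]User.Register _user)
  {
    try
    {
      // Reject a missing body or any blank field. The previous check used Any(), which accepted
      // a request in which only one of the fields was filled in.
      if (!AllFieldsPresent(_user))
      {
        throw new ArgumentException("Compilare tutti i campi del form.");
      }

      using (BugMeEntities database = new BugMeEntities())
      {
        database.Database.Connection.Open();

        if (database.users.Any(x => x.name.Equals(_user.username)))
        {
          throw new ArgumentException("Username non disponibile.");
        }

        if (database.users.Any(x => x.email.Equals(_user.email)))
        {
          throw new ArgumentException("Email non disponibile.");
        }

        string newPassword = randomPassword();

        // The username is attacker-controlled and is interpolated into an HTML mail body:
        // encode it so a crafted name cannot inject markup or links into the message.
        string safeUsername = System.Net.WebUtility.HtmlEncode(_user.username);
        bool emailSent = Utility.newMail(_user.email, "Benvenuto su BugMe", $"Benvenuto <b>{safeUsername}</b>,<br>La nuova password necessaria per accedere è: <b>{newPassword}</b>.");

        // The row is only written once the mail went out. Previously a failed send still
        // returned "registered successfully" although no user had been created.
        if (!emailSent)
        {
          return new User.Response { status = false, message = "Invio dell'email non riuscito. Riprovare più tardi." };
        }

        // TODO(security): the password is stored in clear text and compared in clear text in
        // Login. It should be stored as a salted hash (e.g. PBKDF2 via Rfc2898DeriveBytes) and
        // verified in memory; that requires migrating existing rows, so it is not changed here.
        users user = new users { name = _user.username, password = newPassword, email = _user.email, active = true };
        database.users.Add(user);
        database.SaveChanges();

        return new User.Response { status = true, message = $"Congratulazioni, ti sei registrato con successo! \nAbbiamo inviato un'email a {_user.email} contenente la password necessaria per accedere." };
      }
    }
    catch (ArgumentException ex)
    {
      // Validation messages above are written for the end user and are safe to return.
      return new User.Response { status = false, message = ex.Message };
    }
    catch (Exception)
    {
      return new User.Response { status = false, message = GenericErrorMessage };
    }
  }

  /// <summary>
  /// Authenticates a user by name and password against the users table and returns a serialised
  /// session object (id, username, email) in the response message.
  /// </summary>
  /// <param name="_user">Login form (username, password) bound from the JSON body; may be null.</param>
  /// <returns>
  /// status=true with the JSON session in <c>message</c> on success; status=false with
  /// "Utente non trovato." for an unknown user, a wrong password or an inactive account (the
  /// same text for all three, so the response does not reveal which check failed), or a generic
  /// message on an unexpected error.
  /// </returns>
  [DisableCors]
  [Route("login")]
  [HttpPost]
  public User.Response Login([FromBody]User.Login _user)
  {
    try
    {
      if (!AllFieldsPresent(_user))
      {
        throw new ArgumentException("Compilare tutti i campi del form.");
      }

      using (BugMeEntities database = new BugMeEntities())
      {
        database.Database.Connection.Open();

        // NOTE(review): Equals here is translated to SQL equality, so case sensitivity of the
        // password match depends on the column collation, not on C# semantics — confirm it.
        users userFetch = database.users
          .Where(x => x.name.Equals(_user.username) && x.password.Equals(_user.password) && x.active.Equals(true))
          .FirstOrDefault();

        if (userFetch == null)
        {
          throw new ArgumentException("Utente non trovato.");
        }

        // The password is deliberately no longer copied into the session: it was being
        // serialised into the response and handed to the browser on every login.
        User.Session user = new User.Session
        {
          id = userFetch.id,
          username = userFetch.name,
          email = userFetch.email
        };

        return new User.Response { status = true, message = JsonConvert.SerializeObject(user) };
      }
    }
    catch (ArgumentException ex)
    {
      return new User.Response { status = false, message = ex.Message };
    }
    catch (Exception)
    {
      return new User.Response { status = false, message = GenericErrorMessage };
    }
  }

  /// <summary>
  /// True when <paramref name="model"/> is non-null and every public property holds a value;
  /// string properties must additionally be non-blank. Shared by Register and Login so both
  /// apply the same "fill in all fields" rule.
  /// </summary>
  private static bool AllFieldsPresent(object model)
  {
    if (model == null)
    {
      return false;
    }

    return model.GetType().GetProperties().All(property =>
    {
      object value = property.GetValue(model);
      string text = value as string;
      return text != null ? !string.IsNullOrWhiteSpace(text) : value != null;
    });
  }

  /// <summary>
  /// Builds an initial password of <paramref name="lunghezza"/> characters drawn from A–Z,
  /// 0–9, '!' and '$', with each character independently lower-cased with probability 1/2.
  /// Uses the CSPRNG: System.Random is seeded from the clock, so two registrations in the same
  /// tick received the same password and the sequence is predictable — unacceptable for a credential.
  /// 'W' was missing from the original alphabet and has been added.
  /// </summary>
  /// <param name="lunghezza">Password length; zero or negative yields an empty string.</param>
  private static string randomPassword(int lunghezza = 8)
  {
    const string caratteri = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!$";

    if (lunghezza <= 0)
    {
      return string.Empty;
    }

    char[] passsword = new char[lunghezza];

    using (System.Security.Cryptography.RandomNumberGenerator rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
      for (int i = 0; i < lunghezza; i++)
      {
        char carattere = caratteri[NextInt(rng, caratteri.Length)];

        // Invariant lower-casing: the user must type this back, so avoid culture surprises (e.g. Turkish I).
        if (NextInt(rng, 2) == 1) { carattere = Char.ToLowerInvariant(carattere); }

        passsword[i] = carattere;
      }
    }

    return new string(passsword);
  }

  /// <summary>
  /// Uniform integer in [0, <paramref name="maxExclusive"/>) from the CSPRNG. Rejection sampling
  /// discards draws above the largest multiple of <paramref name="maxExclusive"/> so that a plain
  /// modulo does not bias the low values. (RandomNumberGenerator.GetInt32 is not available on
  /// .NET Framework, which this Web API 2 project targets.)
  /// </summary>
  private static int NextInt(System.Security.Cryptography.RandomNumberGenerator rng, int maxExclusive)
  {
    byte[] buffer = new byte[4];
    uint range = (uint)maxExclusive;
    // uint.MaxValue - (uint.MaxValue % range) is a multiple of range; accept only draws below it.
    uint limit = uint.MaxValue - (uint.MaxValue % range);

    while (true)
    {
      rng.GetBytes(buffer);
      uint candidate = BitConverter.ToUInt32(buffer, 0);

      if (candidate < limit)
      {
        return (int)(candidate % range);
      }
    }
  }
}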

JqueryClient 中的注册调用

// Registration call to the Web API. The body is sent as JSON with an explicit Content-Type,
// which makes this a "non-simple" request: the browser issues a CORS preflight (OPTIONS)
// before the POST, so the server must answer the preflight for the call to go through.
var registerRequest = {
  type: 'POST',
  url: api_uri + 'users/register',
  contentType: 'application/json',
  data: JSON.stringify(_user)
};

$.ajax(registerRequest);

我只想对注册（register）和登录（login）这两个 Web 方法停用 CORS 策略，因此给它们加上了 [DisableCors] 特性。

WebApi 项目托管在 IIS 上（localhost:82），JqueryClient 托管在 localhost:83。

当尝试调用 register Web 方法时，我收到 CORS 检查失败的错误。

Chrome Console Debugger Error

有人可以帮我解决问题吗?

1 个答案:


[DisableCors] 的作用是让该操作完全不输出 CORS 响应头，因此浏览器会拒绝对它的所有跨域调用——它并不会"关闭"浏览器的同源策略。如果您希望只有受信任的域能够跨域调用服务，应当像您已经在控制器级别做的那样，使用 EnableCors 并显式列出允许的来源：

[EnableCors(origins: "http://pincopalli.com,http://localhost:83", headers: "*", methods: "*")]

这样只允许来自 http://pincopalli.com 和 http://localhost:83 的调用，来自其他所有域的调用都会被拒绝，例如 http://localhost:84、http://contoso.com 等。

这样可以确保您的 API 不会被来自您不信任的域的跨域调用访问。需要注意两点：CORS 只是浏览器端执行的限制，并不能阻止非浏览器客户端（curl、脚本）直接调用 API，因此它不能替代身份验证；另外，来源列表中的 http://localhost:83 仅适用于开发环境，不要把它带入生产配置。希望这会有所帮助。

有关详细信息,请参阅:https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api#allowed-origins