我有以下 WebApi C# 控制器:
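/// <summary>
/// Web API controller under <c>api/users</c>: username/email availability checks,
/// registration (a generated password is e-mailed to the user) and login.
/// </summary>
/// <remarks>
/// CORS is enforced by browsers only. It limits which web origins may read responses from script;
/// it does not authenticate callers or stop non-browser clients from calling these actions.
/// </remarks>
[RoutePrefix("api/users")]
[EnableCors(origins: "http://pincopalli.com", headers: "*", methods: "*")]
public class UserController : ApiController
{
    // Returned instead of raw exception text so database/stack details never reach the client.
    private const string InternalErrorMessage = "Si è verificato un errore interno. Riprovare più tardi.";

    /// <summary>Reports whether a username is still available.</summary>
    /// <param name="_username">Username taken from the route.</param>
    /// <returns><c>true</c> when no user has this name; <c>false</c> when it is taken or the lookup failed.</returns>
    /// <remarks>
    /// NOTE(review): this unauthenticated endpoint tells any caller which usernames exist;
    /// consider rate limiting it.
    /// </remarks>
    [Route("checkusername/{_username}")]
    [HttpGet]
    public bool CheckUsername(string _username)
    {
        try
        {
            using (BugMeEntities database = new BugMeEntities())
            {
                database.Database.Connection.Open();
                return !database.users.Any(x => x.name.Equals(_username));
            }
        }
        catch (Exception ex)
        {
            // Best-effort contract kept (failure reads as "not available"), but the cause is no longer lost.
            System.Diagnostics.Trace.TraceError(ex.ToString());
            return false;
        }
    }

    /// <summary>Reports whether an e-mail address is still available.</summary>
    /// <param name="_email">E-mail address taken from the route.</param>
    /// <returns><c>true</c> when no user has this address; <c>false</c> when it is taken or the lookup failed.</returns>
    /// <remarks>
    /// NOTE(review): this unauthenticated endpoint tells any caller which addresses are registered;
    /// consider rate limiting it.
    /// </remarks>
    [Route("checkemail/{_email}")]
    [HttpGet]
    public bool CheckEmail(string _email)
    {
        try
        {
            using (BugMeEntities database = new BugMeEntities())
            {
                database.Database.Connection.Open();
                return !database.users.Any(x => x.email.Equals(_email));
            }
        }
        catch (Exception ex)
        {
            System.Diagnostics.Trace.TraceError(ex.ToString());
            return false;
        }
    }

    /// <summary>Registers a new user and e-mails a generated password.</summary>
    /// <param name="_user">Registration form posted as JSON; username and e-mail are required.</param>
    /// <returns>A response whose <c>status</c> is <c>true</c> only when the mail was sent and the user stored.</returns>
    /// <remarks>
    /// With [DisableCors] Web API emits no CORS headers for this action, so browsers block
    /// cross-origin script calls to it; direct (non-browser) requests are not affected.
    /// </remarks>
    [DisableCors]
    [Route("register")]
    [HttpPost]
    public User.Response Register([FromBody]User.Register _user)
    {
        try
        {
            // The original test (Any property != null) let partially filled or missing bodies through.
            if (_user == null || string.IsNullOrWhiteSpace(_user.username) || string.IsNullOrWhiteSpace(_user.email))
            {
                return new User.Response { status = false, message = "Compilare tutti i campi del form." };
            }

            using (BugMeEntities database = new BugMeEntities())
            {
                database.Database.Connection.Open();

                // NOTE(review): check-then-insert is racy; a unique index on name and email
                // is needed to really guarantee uniqueness.
                if (database.users.Any(x => x.name.Equals(_user.username)))
                {
                    return new User.Response { status = false, message = "Username non disponibile." };
                }

                if (database.users.Any(x => x.email.Equals(_user.email)))
                {
                    return new User.Response { status = false, message = "Email non disponibile." };
                }

                string newPassword = randomPassword();

                // The username is attacker-controlled and lands in an HTML mail body: encode it.
                string safeUsername = System.Net.WebUtility.HtmlEncode(_user.username);
                bool emailSent = Utility.newMail(_user.email, "Benvenuto su BugMe", $"Benvenuto <b>{safeUsername}</b>,<br>La nuova password necessaria per accedere è: <b>{newPassword}</b>.");
                if (!emailSent)
                {
                    // Previously success was reported here although no account had been created.
                    return new User.Response { status = false, message = "Impossibile inviare l'email con la password. Riprovare più tardi." };
                }

                // NOTE(review): the password is stored exactly as e-mailed (plaintext). Store a salted
                // PBKDF2 hash instead; that needs a schema/data migration and a matching change in
                // Login, so it is flagged here rather than changed silently.
                users user = new users { name = _user.username, password = newPassword, email = _user.email, active = true };
                database.users.Add(user);
                database.SaveChanges();

                return new User.Response { status = true, message = $"Congratulazioni, ti sei registrato con successo! \nAbbiamo inviato un'email a {_user.email} contenente la password necessaria per accedere." };
            }
        }
        catch (Exception ex)
        {
            System.Diagnostics.Trace.TraceError(ex.ToString());
            return new User.Response { status = false, message = InternalErrorMessage };
        }
    }

    /// <summary>Checks a username/password pair against active users.</summary>
    /// <param name="_user">Login form posted as JSON; username and password are required.</param>
    /// <returns>On success, a response whose <c>message</c> is the JSON-serialized session object.</returns>
    /// <remarks>
    /// With [DisableCors] Web API emits no CORS headers for this action, so browsers block
    /// cross-origin script calls to it; direct (non-browser) requests are not affected.
    /// NOTE(review): nothing here limits repeated attempts; consider throttling or lockout.
    /// </remarks>
    [DisableCors]
    [Route("login")]
    [HttpPost]
    public User.Response Login([FromBody]User.Login _user)
    {
        try
        {
            if (_user == null || string.IsNullOrWhiteSpace(_user.username) || string.IsNullOrEmpty(_user.password))
            {
                return new User.Response { status = false, message = "Compilare tutti i campi del form." };
            }

            using (BugMeEntities database = new BugMeEntities())
            {
                database.Database.Connection.Open();

                // NOTE(review): the password is compared as stored text inside the query; see Register.
                users userFetch = database.users.FirstOrDefault(x => x.name.Equals(_user.username) && x.password.Equals(_user.password) && x.active.Equals(true));
                if (userFetch == null)
                {
                    return new User.Response { status = false, message = "Utente non trovato." };
                }

                // NOTE(review): the stored password is sent back to the client inside the session
                // object. Kept because callers may rely on the response shape, but it should be
                // dropped and replaced by a server-issued session token.
                User.Session user = new User.Session
                {
                    id = userFetch.id,
                    username = userFetch.name,
                    password = userFetch.password,
                    email = userFetch.email
                };
                return new User.Response { status = true, message = JsonConvert.SerializeObject(user) };
            }
        }
        catch (Exception ex)
        {
            System.Diagnostics.Trace.TraceError(ex.ToString());
            return new User.Response { status = false, message = InternalErrorMessage };
        }
    }

    /// <summary>Generates a random password from a fixed alphabet with random letter casing.</summary>
    /// <param name="lunghezza">Number of characters; zero or less yields an empty string.</param>
    /// <returns>The generated password.</returns>
    private static string randomPassword(int lunghezza = 8)
    {
        // NOTE(review): the alphabet has no 'W'; left as found, it looks like a typo.
        const string caratteri = "ABCDEFGHIJKLMNOPQRSTUVXYZ0123456789!$";
        if (lunghezza <= 0)
        {
            return string.Empty;
        }

        char[] password = new char[lunghezza];

        // Largest multiple of the alphabet size that fits in a byte; values at or above it
        // are rejected so every character is equally likely (no modulo bias).
        int limite = 256 - (256 % caratteri.Length);
        byte[] buffer = new byte[2];

        // System.Random is predictable and must not produce credentials; use the OS CSPRNG.
        using (System.Security.Cryptography.RandomNumberGenerator rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            int i = 0;
            while (i < lunghezza)
            {
                rng.GetBytes(buffer);
                if (buffer[0] >= limite)
                {
                    continue;
                }

                char carattere = caratteri[buffer[0] % caratteri.Length];
                if ((buffer[1] & 1) == 1)
                {
                    // Invariant casing keeps the result independent of the server culture.
                    carattere = char.ToLowerInvariant(carattere);
                }

                password[i++] = carattere;
            }
        }

        return new string(password);
    }
}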
以及 jQuery 客户端的注册调用:
// POST the registration form to the Web API as a JSON body.
$.ajax({
    url: api_uri + "users/register",
    type: "POST",
    contentType: "application/json",
    data: JSON.stringify(_user)
});
我想仅针对注册和登录这两个 Web 方法停用 CORS 策略,因此我为它们添加了 [DisableCors] 属性。
我在 IIS ( localhost:82 )和JqueryClient( localhost:83 )上托管了WebApi项目。
当尝试调用注册(register)Web 方法时,我收到了 CORS 失败的错误。
有人可以帮我解决问题吗?
答案 0 :(得分:1)
如果您使用 DisableCors,就无法对该操作进行跨域调用。如果您想保护服务免受跨域调用,请使用限定了域的 EnableCors,就像您已经在控制器级别所做的那样:
// `origins` is a comma-separated allow-list of origins whose scripts may call the API.
// CORS is enforced by browsers only: it does not authenticate callers or stop
// non-browser clients, so the actions still need their own authentication/authorization.
[EnableCors(origins: "http://pincopalli.com,http://localhost:83", headers: "*", methods: "*")]
这样只允许来自 http://pincopalli.com 和 http://localhost:83 的调用,来自其他所有域(例如 http://localhost:84 或 http://contoso.com 等)的调用都会被拒绝。
这样可以保护您的 API 免受来自不受信任域的跨域调用。希望这会有所帮助。