ServiceStack JsonServiceClient(TypeScript):从CORS进行身份验证后不要转到请求

时间:2017-06-20 08:58:08

标签: cors servicestack

我如上所述配置了服务:

Plugins.Add(new CorsFeature(
      allowCredentials: true,
      allowedMethods: "GET, POST, PUT, DELETE, OPTIONS",
      allowedHeaders: "Content-Type, Allow, Authorization, Origin",
      allowOriginWhitelist: new[]
             {
                    "http://localhost:4200",
                    "http://localhost:63342",
                    "http://localhost:63342",
                    "http://localhost:3000",
                    "http://my.site.com"
             }));

我有2个函数Login()和GetContacts()

class AppComponent {
***
      constructor(){
        this.client = new JsonServiceClient("http://my.site.com");
      }

      async Login(){

        var auth = new wbs.Authenticate();
        auth.UserName = this.username;
        auth.Password = this.password;

        var authResponse = await this.client.post(auth);

        console.log(authResponse);
      }

      async GetContacts(){
        try {
          this.contacts = await this.client.post(new wbs.Contacts_Get());
          console.log(this.contacts);
        } catch(e) {
          this.contacts = [];
          console.log("Failed to get:", e.responseStatus);
        }
      }
}

“servicestack-client”:“0.0.36”,

我依次调用这些函数:

1. Login()
2. ContactsGet()

如果我在IIS Express上运行本地,但是当我部署到IIS服务器时,它无法运行。登录运行正常,但在Internet explorere和Safari ContactsGet失败时,它返回状态401,但在Chrome中运行。

请帮忙,我的错误是什么?谢谢!

enter image description here

enter image description here

enter image description here

IIS设置

enter image description here

更新 

var authFeature = new AuthFeature(
        () => new MyUserSession(),
        new[] { new MyCredentialsAuthProvider()
});

public class MyCredentialsAuthProvider : CredentialsAuthProvider {
        private Userslogic users => Userslogic.Instance;

        public override bool TryAuthenticate(IServiceBase authService, string userName, string password) {

            if (!users.CheckUserNameAndPassword(userName, password))
                return false;

            var session = authService.GetSession(false);

            session.IsAuthenticated = true;

            return true;
        }
    }

AuthRequet:

enter image description here

ContactsGetRequest: enter image description here

2 个答案:

答案 0 :(得分:1)

您的问题是因为客户端没有发送带有请求的Cookie且由于您的CORS配置无效而未发送Cookie,allowOriginWhitelist网址需要完全匹配与主机名相同请求被发送到,在这种情况下是http://109.120.152.165

每当HTTP客户端中的后续请求不遵守先前请求的Set-Cookie响应标头时,您的CORS配置无效,您需要调查其原因。

答案 1 :(得分:0)

在该问题的研究中发现问题出在客户端而不是服务器ServiceStack上,这样的限制有浏览器IE和Safari。

  1. IE - https://stackoverflow.com/a/22450633/7015077
  2. Safari - https://stackoverflow.com/a/486569/7015077
相关问题
最新问题