我在理解为什么会遇到一些重大问题"对预检请求的响应没有通过访问控制检查:否' Access-Control-Allow-Origin'标头出现在请求的资源上。原点" 所以为了更好地理解我的webapi项目有一个登录方法。该方法调用另一个api(不同的服务器)进行登录以接收令牌。在客户端中,当我调用另一个项目时,我添加标题(" Access-Control-Allow-Origin"," ")。我还在Azure上启用了cors。我甚至在上面添加了方法[EnableCors(起源:" ",标题:" ",方法:" &# 34;,exposedHeaders:" *&#34)]
这是我的webconfig的高峰
<appSettings>
<add key="LogFilePath" value="c:\SAB.Hosting.WebApi.Log.Xml" />
<add key="LoginAddress" value="https://somewebsite/api/account/Login" />
<add key="GetToken" value="https://somewebsite/api/account/GetToken" />
<add key="RegisterAddress" value="https://somewebsite/api/account/Register" />
<add key="LogoutAddress" value="https://somewebsite/api/account/Logout" />
<add key="RegisterAddress" value="https://somewebsite/api/account/Register" />
<add key="owin:AutomaticAppStartup" value="false" />
</appSettings>
更新:我发现问题不是来自上面的链接。当我在我的api项目和我的wcf服务之间添加SSL证书时,就会发生这种情况。
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="PersonService_HttpEndPoint" />
<binding name="SABService_HttpEndPoint" maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
<netTcpBinding>
<binding name="PersonService_TcpEndPoint">
<security mode="None" />
</binding>
<binding name="SABService_TcpEndPoint">
<security mode="None" />
</binding>
</netTcpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="CertBehavior">
<clientCredentials>
<clientCertificate x509FindType="FindByThumbprint" findValue="93F67C44F8RB0DC5FD1CA8013F256B8F84C8E08G" storeLocation="CurrentUser" storeName="My" />
<!--<clientCertificate findValue="PFX" x509FindType= "FindByExtension" />-->
</clientCredentials>
<callbackDebug includeExceptionDetailInFaults="True" />
</behavior>
</endpointBehaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<client>
<endpoint address="https://someaddress/SABService.svc" behaviorConfiguration="CertBehavior" binding="basicHttpBinding" bindingConfiguration="SABService_HttpEndPoint" contract="SABServiceReference.ISABService" name="SABService_HttpEndPoint" />
<endpoint address="https://someaddress/PersonService.svc" behaviorConfiguration="CertBehavior" binding="basicHttpBinding" bindingConfiguration="PersonService_HttpEndPoint" contract="PersonServiceReference.IPersonService" name="SABPersonService_HttpEndPoint" />
</client>
</system.serviceModel>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.4.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:6 /nowarn:1659;1699;1701" />
<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.4.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:14 /nowarn:41008 /define:_MYTYPE=\"Web\" /optionInfer+" />
</compilers>
</system.codedom>
</configuration>
我不知道为什么我添加ssl证书会在登录时抛出access-control-allow-origin。
等待您的解决方案。
谢谢你, 一个有需要的堕落程序员。
答案 0 :(得分:0)
您应该使用Microsoft.AspNet.WebApi.Cors nuget:
在WebApiConfig中明确启用CORS
public class WebApiConfig
{
// ...
public void Register(HttpConfiguration config)
{
config.EnableCors(new EnableCorsAttribute("<origins>", "<headers>", "<methods>")
{
SupportsCredentials = true // If you need to pass them
});
// ...
}
}