我正在尝试向受AAD保护的Azure Web服务发出CORS请求。正在进行调用的应用程序没有后端代码 - 只有html + js。 我使用adal.js,设置了所有内容(Azure Web App,adal.js配置),我可以使用adal.js接收令牌(我可以使用高级REST客户端检查它是否有效)。
问题是当我尝试拨打如下电话时:
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {
// XHR for Chrome/Firefox/Opera/Safari.
xhr.open(method, url, true);
} else if (typeof XDomainRequest != "undefined") {
// XDomainRequest for IE.
xhr = new XDomainRequest();
xhr.open(method, url);
} else {
// CORS not supported.
xhr = null;
}
xhr.withCredentials = true;
xhr.onload = function () { ... };
xhr.onerror = function (error) { ... };
xhr.send()
我收到了
XMLHttpRequest cannot load
<myAppUrl>. Redirect
from <myAppUrl> to
'https://login.windows.net/<guid>/oauth2/authorize?response_type=code+id_token&redirect_uri=<myAppUrl>%2F.auth%2Flogin%2Faad%2Fcallback&client_id=<guid>&scope=openid+profile+email&response_mode=form_post&nonce=cdf7754a3d66498baad6809f3de0b0ae_20170910165538&state=redir%3D%252Fapi%252FValues'
has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is
present on the requested resource. Origin 'http://localhost:59672' is
therefore not allowed access.
我只能猜测是因为授权标头未正确传递,因此目标应用程序想要重定向我才能登录。事实上,请求中没有授权标头...
如果我尝试手动添加此标题
xhr.setRequestHeader("Authorization", "Bearer " + token);
我收到了
XMLHttpRequest cannot load
<myAppUrl>. Response for preflight is invalid (redirect)
我尝试了多个教程(即这个article),但总是有后端代码加载一些nuget包 - 我只有html + js。
死路一条。任何想法如何使其工作?它甚至可能吗?
答案 0 :(得分:0)
@juunas:我的猜测非常相似 - 这是认证的一些想法。也许adal.js没有正确处理?特别是我写的:在任何请求中都没有授权标头...而AFAIK adal.js应该处理所有请求并添加这样的标题(通过http://www.cloudidentity.com/blog/2015/02/19/introducing-adal-js-v1/) 我的配置:
window.config = {
instance: 'https://login.microsoftonline.com/',
tenant: '<myTenant>',
clientId: '<myGuid>', //in old Azure Portal it calls: Client ID. In new Azure Portal it's Application ID'
postLogoutRedirectUri: window.location.origin,
cacheLocation: 'sessionStorage', // Tried with localStorage as well
endpoints: {
// The domain of API (requsets are made TO)
// And the same client id as above
"<myAppUrl>": "<myGuid>"
}
};