当我不是[AllowAnonymous]时,我遇到了控制器操作的问题。
我可以完美地从Postman运行该方法,但不能从我的UI中运行,我只是看不出根本不同的东西。我在localhost:4200上运行应用程序,但我添加了一个CORS规则
Startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer(Configuration.GetConnectionString("ApplicationUsers")));
// services.AddDbContext<TransactionsDbContext>(options => options.UseSqlServer(Configuration.GetConnectionString("TransactionsConnection")));
// Add application services.
services.AddTransient<IEmailSender, EmailSender>();
services.AddIdentity<ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>().AddDefaultTokenProviders();
services.AddAuthentication()
.AddJwtBearer(options =>
{
options.RequireHttpsMetadata = false;
options.SaveToken = true;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = "broker.Web.com",
ValidAudience = "broker.Web.com",
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecurityKey"]))
};
});
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder.WithOrigins("http://localhost:4200") // .AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
});
//services.AddAntiforgery();
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
services.AddMvc();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseStaticFiles();
app.UseAuthentication();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseBrowserLink();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
//app.UseCors(builder =>
// builder.WithOrigins("http://localhost:4200")
// .AllowAnyOrigin()
// .AllowAnyHeader()
// .AllowAnyMethod());
app.UseCors("CorsPolicy");
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
控制器
[Authorize]
[Produces("Application/json")]
[Route("[controller]/[action]")]
public class SubsidiariesController : BaseController
{
public SubsidiariesController(ApplicationDbContext userCtx, IHttpContextAccessor context, ILogger<ProductsController> logger, IConfiguration config) :
base(userCtx, context, logger, config)
{
}
//[AllowAnonymous]
[HttpPost(Name = "GetSubsidiaries")]
public List<Subsidiaries> GetSubsidiaries()
{
ApplicationUser currentUser = base.GetCurrentUser();
List<Subsidiaries> subsidiaries = null;
if (User != null)
{
SubsidiariesRepository subsidiariesRepository = new SubsidiariesRepository(Configuration.GetConnectionString("TransactionsConnection"));
try
{
subsidiaries = subsidiariesRepository.GetForCustomer(currentUser.CustomersId);
}
catch (Exception e)
{
Logger.LogCritical(String.Format("Could not get sectors. Error: {0}\n{1}", e.Message, e.StackTrace));
}
}
return (subsidiaries);
}
}
Angular客户端
ngOnInit() {
if (this.globalVars.token == null)
this.router.navigate(['login']);
var headers = new HttpHeaders();
headers.append('Content-Type', 'text/plain');
headers.append('Authorization', 'Bearer ' + this.globalVars.token);
console.log("calling " + this.settings.settings.server + 'Subsidiaries/GetSubsidiaries');
// http://localhost:54499/Subsidiaries/GetSubsidiaries
this.http.post(this.settings.settings.server + 'Subsidiaries/GetSubsidiaries',
null, { headers: headers }).subscribe(
res => {
console.log(res);
},
err => {
this.lastError = err.statusText;
console.log("Error occured\n" + err);
}
);
}
我已经玩了好几年了,我真的需要一些帮助 - 非常感谢!
答案 0 :(得分:-1)
如果您要检查标题,则会注意到它们未被设置。那是因为let headers = new HttpHeaders();
headers = headers.append('Content-Type', 'text/plain');
headers = headers.append('Authorization', 'Bearer ' + this.globalVars.token);
是不可变的,所以所有的变异操作都返回一个新实例。所以在设置标题时你需要做的是:
let headers = new HttpHeaders()
.append('Content-Type', 'text/plain')
.append('Authorization', 'Bearer ' + this.globalVars.token)
或清洁:
os.system('test^(1).exe')