我们的网络应用基于此示例Integrating Azure AD into an ASP.NET Core web app
应用程序成功登录,没有问题,但是当调用该方法进行注销时,我们在浏览器中看到CORS错误
无法加载https://login.microsoftonline.com/xxx/oauth2/logout?post_logout_redirect_uri=http%3A%2F%2Flocalhost%3A2345%2FAccount%2FSignedOut&state=xxx&x-client-SKU=ID_NET&x-client-ver=2.1.4.0:所请求的资源上不存在“ Access-Control-Allow-Origin”标头。因此,不允许访问来源“ http://localhost:2345”。
并且永远不会调用控制器方法SignedOut()。
[HttpGet]
[EnableCors("default")]
public IActionResult SignOut()
{
// Remove all cache entries for this user and send an OpenID Connect sign-out request.
string userObjectID = User.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
var authContext = new AuthenticationContext(AzureAdOptions.Settings.Authority,
new NaiveSessionCache(userObjectID, HttpContext.Session));
authContext.TokenCache.Clear();
// Let Azure AD sign-out
var callbackUrl = Url.Action(nameof(SignedOut), "Account", values: null, protocol: Request.Scheme);
return SignOut(
new AuthenticationProperties { RedirectUri = callbackUrl },
CookieAuthenticationDefaults.AuthenticationScheme,
OpenIdConnectDefaults.AuthenticationScheme);
}
[HttpGet]
[EnableCors("default")]
public IActionResult SignedOut()
{
if (User.Identity.IsAuthenticated)
{
// Redirect to home page if the user is authenticated.
return RedirectToAction(nameof(HomeController.Index), "Home");
}
return View();
}
明确设置CORS以允许任何来源似乎没有帮助
services.AddCors(options =>
{
options.AddPolicy("default",
policy => policy
.AllowAnyMethod()
.AllowAnyOrigin());
});
app.UseCors("default")
我看不到我在做什么错。