我正在尝试通过向后端WebAPI发出请求来从Angular8应用程序对用户进行身份验证。我已经添加并配置了CORS以接受来自localhost:4200 [启动我的Angular应用程序的URL]的请求。
现在,当我单击“登录”时,控制台错误-
Access to XMLHttpRequest at 'http://localhost:33428/token' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
/ token端点应该来自此-
[EnableCors(origins: "http://localhost:4200", headers: "*", methods: "*")]
public class ApplicationOAuthProvider : OAuthAuthorizationServerProvider
{
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var userStore = new UserStore<ApplicationUser>(new ApplicationDbContext());
var manager = new UserManager<ApplicationUser>(userStore);
var user = await manager.FindAsync(context.UserName, context.Password);
if (user != null)
{
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("Username", user.UserName));
identity.AddClaim(new Claim("Email", user.Email));
identity.AddClaim(new Claim("FirstName", user.FirstName));
identity.AddClaim(new Claim("LastName", user.LastName));
identity.AddClaim(new Claim("LoggedOn", DateTime.Now.ToString()));
var userRoles = manager.GetRoles(user.Id);
foreach (string roleName in userRoles)
{
identity.AddClaim(new Claim(ClaimTypes.Role, roleName));
}
var additionalData = new AuthenticationProperties(new Dictionary<string, string>{
{
"role", Newtonsoft.Json.JsonConvert.SerializeObject(userRoles)
}
});
var token = new AuthenticationTicket(identity, additionalData);
context.Validated(token);
}
else
return;
}
public override Task TokenEndpoint(OAuthTokenEndpointContext context)
{
foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
{
context.AdditionalResponseParameters.Add(property.Key, property.Value);
}
return Task.FromResult<object>(null);
}
}
所以我添加了我的startup.cs文件-
[EnableCors(origins: "http://localhost:4200", headers: "*", methods: "*")]
public class Startup
{
public void Configuration(IAppBuilder app)
{
// For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=316888
app.UseCors(CorsOptions.AllowAll);
OAuthAuthorizationServerOptions option = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/token"),
Provider = new ApplicationOAuthProvider(),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(60),
AllowInsecureHttp = true
};
app.UseOAuthAuthorizationServer(option);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
}
这是我的认证角度方法-
userAuthentication(userName, password) {
var data = "username=" + userName + "&password=" + password + "&grant_type=password";
var reqHeader = new HttpHeaders({ 'Content-Type': 'application/x-www-urlencoded', 'No-Auth': 'True' });
return this.http.post(this.rootUrl + '/token', data, { headers: reqHeader });
}
应该击中http://localhost:33428/token。但是没有。
因此 http://localhost:33428/token 基本上意味着处理将转到 ApplicationOAuthProvider 。不是吗?
那么为什么有人不能告诉我它没有达到我的断点呢?我还需要在哪里配置CORS?这是怎么回事我允许所有操作,在EnableCors中明确提及传入的url等。
请帮助我了解并解决此问题。现在与之抗争三天。