401对CORS飞行前选项请求的未经授权的回复

时间:2020-04-10 15:17:31

标签: asp.net asp.net-core nginx asp.net-web-api cors

当我用客户端发出HTTP GET请求时,我的ASP.NET CORE中的WebApi存在CORS问题,我会遇到此错误:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://service.staging.domain.com/application-api-staging/account. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://service.staging.domain.com/application-api-staging/account. (Reason: CORS request did not succeed

https://service.staging.domain.com/application-api-staging是我的WebAPI基础 https://client.staging.domain.com用于我的网络客户端。

当我检查Firefox控制台时,下面有一个请求和响应标头:

响应头

HTTP/1.1 401 Unauthorized
Server: nginx/1.10.3
Date: Fri, 10 Apr 2020 14:55:31 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 61
Connection: keep-alive
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
ETag: W/"3d-nALmWVEo7YlT78MufcqgeUavvX4"

请求标头

Host: service.staging.domain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
Accept: */*
Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,tenant
Referer: https://client.staging.domain.com/application/
Origin: https://client.staging.domain.com
Connection: keep-alive

在我的webAPi startup.cs中,我配置了CORS: startup.cs 

readonly string MyAllowSpecificOrigins = "_myAllowSpecificOrigins";

services.AddCors(options => {
  options.AddPolicy(MyAllowSpecificOrigins,
    builder => {
      builder
       .AllowAnyOrigin()
       .AllowAnyHeader()
       .AllowAnyMethod();
    });
});

app.UseCors(MyAllowSpecificOrigins)

在我的控制器中。

accountController.cs 

[EnableCors("_myAllowSpecificOrigins")]

当我在本地使用客户端Web和WebAPI进行测试时, 客户网站-> http://localhost:4200 WebApi-> https://localhost:44354 在这种情况下,我可以发出请求,没问题...它可以正常工作

,但在第二种情况下: 客户网站-> http://localhost:4200 WebApi-> https://service.staging.domain.com/application-api-staging 在这种情况下,我遇到了CORS问题,无法正常工作

在第三种情况下与Web客户端和WebApi部署相同 客户网站-> https://client.staging.domain.com/application/ WebApi-> https://service.staging.domain.com/application-api-staging 同样,我遇到了CORS问题,无法正常工作

从我的问题开头就可以看到相同的错误消息。

为什么我在URL登台阶段出现错误CORS?和/或我可以解决这个问题? 它是nginx的问题吗?

感谢您的帮助。

更新

WebAPI和Webclient在Linux服务器上工作,因此我不使用IIS,但使用NGINX。

如何配置NGINX,或者可能是asp.net核心配置的问题?

2 个答案:

答案 0 :(得分:2)

在 StartUp.cs 中检查您的中间件使用顺序 UseCors() 应该在 UseAthorization() 之前

答案 1 :(得分:1)

尝试一下,为我工作 在launchSettings.json中的iisSettings下,将anonymousauthentication和windowsAuthentication设置为true。

"iisSettings": {
"windowsAuthentication": true,
"anonymousAuthentication": true,
"iisExpress": {
  "applicationUrl": "http://localhost:8791/",
  "sslPort": 0
}

}

相关问题
最新问题