尝试从WASM blazor应用程序向Web api发出POST请求时收到Cors策略错误。
CORS 策略已阻止从源 "https://localhost:8081" 对 "http://localhost:8080/DashboardService/TestConnection" 的 fetch 访问:请求的资源上不存在 "Access-Control-Allow-Origin" 标头。如果不透明的响应可以满足您的需求,请将请求的模式设置为 "no-cors",以在禁用 CORS 的情况下获取资源。
在调试模式下没有问题,只有发布到 IIS 之后才会出现。
Startup.cs(WEB API)
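/// <summary>
/// Configures the Web API host: service registrations, CORS policies, SignalR and JWT bearer
/// authentication, followed by the HTTP request pipeline.
/// </summary>
public class Startup
{
    #region Fields/Attributes
    private static readonly NLog.Logger logger = NLog.LogManager.GetCurrentClassLogger();

    // Stored by the constructor; nothing in this class reads it yet.
    // NOTE(review): the allowed CORS origin and the token authority below are hard-coded and
    // could be read from here so that each deployment supplies its own values.
    private readonly IConfiguration configuration;
    #endregion Fields/Attributes

    #region Constructors
    /// <summary>
    /// Initializes a new instance of the <see cref="Startup"/> class.
    /// </summary>
    /// <param name="configuration">The application configuration supplied by the host</param>
    public Startup(IConfiguration configuration)
    {
        logger.Trace($"{GetType().FullName} constructed");
        this.configuration = configuration;
    }
    #endregion Constructors

    #region Methods
    /// <summary>
    /// This method gets called by the runtime. Use this method to add services to the container.
    /// </summary>
    /// <param name="services">The service collection to register services on</param>
    public void ConfigureServices(IServiceCollection services)
    {
        // Statistics And Monitoring Service
        services.AddSingleton<IDashboardService, DashboardService>();
        services.AddSingleton<IManualLogsService, ManualLogsService>();

        services.AddCors(options =>
        {
            // NOTE(review): "CorsPolicy" accepts any origin, header and method. Configure() applies
            // "CorsPolicy2" only, so within this class the wide-open policy is unused; drop it
            // unless something else in the project references it by name.
            options.AddPolicy("CorsPolicy", builder => builder
                .AllowAnyOrigin()
                .AllowAnyHeader()
                .AllowAnyMethod());

            // Credentialed requests need an explicitly listed origin; the value must match the
            // browser's Origin header exactly (scheme, host and port).
            options.AddPolicy("CorsPolicy2", builder => builder
                .WithOrigins("https://localhost:8081")
                .AllowAnyHeader()
                .AllowAnyMethod()
                .AllowCredentials());
        });

        services.AddSignalR(options =>
        {
            // NOTE(review): detailed errors send hub exception messages to connected clients;
            // consider enabling this for development builds only.
            options.EnableDetailedErrors = true;

            // NOTE(review): long.MaxValue effectively removes the limit on inbound hub messages,
            // so a single client can make the server buffer very large payloads. Set this to the
            // largest message the application actually expects.
            options.MaximumReceiveMessageSize = long.MaxValue;
            options.ClientTimeoutInterval = TimeSpan.FromSeconds(240);
            options.KeepAliveInterval = TimeSpan.FromSeconds(120);
        }); // the terminating semicolon was missing in the original listing

        string identityServerAuthority = "https://localhost:8082";
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, opt =>
            {
                // NOTE(review): the authority is already an https URL, so turning off the HTTPS
                // metadata requirement looks unnecessary. Left at false it would allow signing
                // metadata to be fetched over plain http if the authority were ever changed.
                opt.RequireHttpsMetadata = false;
                opt.Authority = identityServerAuthority;
                opt.Audience = "backend";
            });

        logger.Trace("Services configured");
    }

    /// <summary>
    /// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    /// </summary>
    /// <param name="app">The application builder the middleware is added to</param>
    /// <param name="env">The web host environment</param>
    /// <param name="dataBaseServiceApplicationConfig">Not used in the body; injected to force instantiation of the singleton</param>
    /// <param name="agentsService">Not used in the body; injected to force instantiation of the singleton</param>
    /// <param name="machineStructureService">Not used in the body; injected to force instantiation of the singleton</param>
    /// <param name="collectedValueConverter">Not used in the body; injected to force instantiation of the singleton</param>
    /// <param name="databaseConnectionService">Not used in the body; injected to force instantiation of the singleton</param>
    [System.Diagnostics.CodeAnalysis.SuppressMessage("Style", "IDE0060:Remove unused parameter", Justification = "Dependency injecting only to force instantiation of Singletons")]
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IDataBaseServiceApplicationConfig dataBaseServiceApplicationConfig, IAgentsService agentsService, IMachineStructureService machineStructureService, ICollectedValueConverter collectedValueConverter, IDatabaseConnectionService databaseConnectionService)
    {
        if (env.IsDevelopment())
        {
            // Full exception pages are limited to the development environment.
            app.UseDeveloperExceptionPage();
        }
        else
        {
            // NOTE(review): HSTS is left disabled for non-development hosting.
            //app.UseHsts();
        }

        // NOTE(review): HTTPS redirection is left disabled, so the API answers plain-http requests
        // and bearer tokens sent to it travel unencrypted.
        //app.UseHttpsRedirection();

        app.UseRouting();

        // CORS runs after routing and before authentication/authorization so that preflight
        // requests are answered before any [Authorize] check is made.
        app.UseCors("CorsPolicy2");

        // Authentication must be registered before authorization.
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseStaticFiles();
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
            endpoints.MapHub<BackEndHub>("/DashboardService");
        });
    }
    #endregion Methods
}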
我的控制器上带有 [Authorize] 属性,如果把它们删除,请求就能正常工作……
有人可以帮我吗?预先感谢
Rihen
答案 0 :(得分:0)
我看到的第一个问题是这两行的顺序错误:
// Ordering the answer identifies as wrong: UseAuthentication() should be registered before UseAuthorization().
app.UseAuthorization();
app.UseAuthentication();
您应该始终在授权之前进行身份验证。
您还应该注意,IdentityService客户端定义中有单独的CORS设置,但是只有在调用IdentityServer端点时才应用这些设置(如果我没记错的话)。
答案 1 :(得分:0)
问题已解决:我打开 Windows 的事件查看器,看到了真正的错误,这是一个 SSL 证书问题。也就是说,浏览器报告的 CORS 错误只是表象。我的后端使用 http,而身份服务器不接受这样的请求。我们把后端改为 https 并使用了开发证书。之后仍然遇到同样的问题,但这次的原因是证书存放在“个人”存储区而不是“受信任”存储区。解决步骤:Windows -> 运行 -> mmc.exe -> 证书 -> 这台计算机 -> 本地 -> 将 localhost 证书复制到受信任的存储区。
感谢大家的帮助。