Gav*_*vin 11 c# ajax cors asp.net-apicontroller identityserver3
我们有一个ASP.NET MVC应用程序,在没有针对IdentityServer3的问题的情况下进行身份验证,但是如果用户在大约3分钟后继续使用AJAX功能之前等待使用ApiController的应用程序的Web API部分开始失败(3分钟之前一切似乎都很好) .
Chrome中出现的错误包括:
XMLHttpRequest无法加载 https://test-auth.myauthapp.com/auth/connect/authorize?client_id=ecan-farmda ... gwLTk5ZjMtN2QxZjUyMjgxNGE4MDg2NjFhZTAtOTEzNi00MDE3LTkzNGQtNTc5ODAzZTE1Mzgw.请求的资源上不存在"Access-Control-Allow-Origin"标头.因此,不允许来源" http://test.myapp.com "访问.
在IE上我收到以下错误:
SCRIPT7002:XMLHttpRequest:网络错误0x4c7,操作被用户取消.
看看IdentityServer3的日志,我看到的条目如下:
2015-08-10 16:42 [警告](Thinktecture.IdentityServer.Core.Configuration.Hosting.CorsPolicyProvider)对路径的CORS请求:/ connect/authorize from origin:http://test.myapp.com 但拒绝因为无效CORS路径
在IdentityServer3 Web应用程序中,我向客户提供AllowedCorsOrigins:
Thinktecture.IdentityServer.Core.Models.Client client = new Thinktecture.IdentityServer.Core.Models.Client()
{
Enabled = configClient.Enabled,
ClientId = configClient.Id,
ClientName = configClient.Name,
RedirectUris = new List<string>(),
PostLogoutRedirectUris = new List<string>(),
AllowedCorsOrigins = new List<string>(),
RequireConsent = false, // Don't show consents screen to user
RefreshTokenExpiration = Thinktecture.IdentityServer.Core.Models.TokenExpiration.Sliding
};
foreach (Configuration.RegisteredUri uri in configClient.RedirectUris)
{
client.RedirectUris.Add(uri.Uri);
}
foreach (Configuration.RegisteredUri uri in configClient.PostLogoutRedirectUris)
{
client.PostLogoutRedirectUris.Add(uri.Uri);
}
// Quick hack to try and get CORS working
client.AllowedCorsOrigins.Add("http://test.myapp.com");
client.AllowedCorsOrigins.Add("http://test.myapp.com/"); // Don't think trailing / needed, but added just in case
clients.Add(client);
在注册服务时,我添加了一个InMemoryCorsPolicyService:
app.Map("/auth", idsrvApp =>
{
var factory = new IdentityServerServiceFactory();
factory.Register(new Registration<AuthContext>(resolver => AuthObjects.AuthContext));
factory.Register(new Registration<AuthUserStore>());
factory.Register(new Registration<AuthRoleStore>());
factory.Register(new Registration<AuthUserManager>());
factory.Register(new Registration<AuthRoleManager>());
// Custom user service used to inject custom registration workflow
factory.UserService = new Registration<IUserService>(resolver => AuthObjects.AuthUserService);
var scopeStore = new InMemoryScopeStore(Scopes.Get());
factory.ScopeStore = new Registration<IScopeStore>(scopeStore);
var clientStore = new InMemoryClientStore(Clients.Get());
factory.ClientStore = new Registration<IClientStore>(clientStore);
var cors = new InMemoryCorsPolicyService(Clients.Get());
factory.CorsPolicyService = new Registration<ICorsPolicyService>(cors);
...
var options = new IdentityServerOptions
{
SiteName = "Authentication",
SigningCertificate = LoadCertificate(),
Factory = factory,
AuthenticationOptions = authOptions
};
...
});
我注意到IdentityServer3日志条目说"为路径做了CORS请求:/ connect/authorize"而不是"为路径做出的CORS请求:/ auth/connect/authorize".但是查看IdentityServer3源代码表明这可能不是问题.
也许InMemoryCorsPolicyService没有被选中?
为什么事情不适合AJAX的任何想法叫做ApiController?
Thinktecture.IdevtityServer3 v1.6.2已使用NuGet安装.
更新
我正在与IdentityServer3开发人员进行对话,但仍然遇到了解决问题的问题.如果它有帮助:
https://github.com/IdentityServer/IdentityServer3/issues/1697
| 归档时间: |
|
| 查看次数: |
4215 次 |
| 最近记录: |