我有一个ASP.NET MVC 5 webproject(localhost:81),它使用Knockoutjs从我的WebApi 2项目(localhost:82)调用函数,以便在我启用CORS的两个项目之间进行通信.到目前为止,一切都有效,直到我尝试对WebApi实施OWIN令牌认证.
要在WebApi上使用/ token端点,我还需要在端点上启用CORS,但经过几个小时的尝试和搜索解决方案后,它仍在运行,并且api/token仍然会导致:
XMLHttpRequest cannot load http://localhost:82/token. No 'Access-Control-Allow-Origin' header is present on the requested resource.
public void Configuration(IAppBuilder app)
{
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
TokenConfig.ConfigureOAuth(app);
...
}
TokenConfig
public static void ConfigureOAuth(IAppBuilder app)
{
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<AppUserManager>(AppUserManager.Create);
OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = new SimpleAuthorizationServerProvider()
};
app.UseOAuthAuthorizationServer(OAuthServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
AuthorizationProvider
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
var appUserManager = context.OwinContext.GetUserManager<AppUserManager>(); …当我System.Web.Cors在解决方案资源管理器中检查程序集引用时,它Version是5.2.3.0.该Specific Version物业将设置为False.路径是本地项目bin文件夹.从文件资源管理器中检查.dll属性时,文件的产品版本和文件版本.也是5.2.3.
我的Web.config:
<dependentAssembly>
<assemblyIdentity name="System.Web.Cors" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
</dependentAssembly>
我的packages.config(我认为麻烦的程序集是Microsoft.AspNet.WebApi.Cors,但我在这里包含另一个类似名称):
<package id="Microsoft.AspNet.Cors" version="5.2.3" targetFramework="net452" />
<package id="Microsoft.AspNet.WebApi.Cors" version="5.2.3" targetFramework="net452" />
在Startup.cs中抛出此行的错误
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
这是完整的错误:
System.IO.FileLoadException was unhandled by user code
FileName=System.Web.Cors, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
FusionLog==== Pre-bind state information ===
LOG: DisplayName = System.Web.Cors, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
(Fully-specified)
LOG: Appbase = file:///P:/project-z4a/project-z4a/
LOG: Initial PrivatePath = P:\project-z4a\project-z4a\bin …您好我正在尝试在我的ASP.NET Web API 2项目中设置OAuth bearrer令牌身份验证.我有两个项目,一个是WEB API项目,另一个是SPA项目.
这是我到目前为止所做的:
我创建了OWIN Startup类:
[assembly: OwinStartup(typeof(CodeArt.WebApi.App_Start.Startup))]
namespace CodeArt.WebApi.App_Start
{
public class Startup
{
static Startup()
{
PublicClientId = "self";
UserManagerFactory = () => new UserManager<UserModel>(new UserStore<UserModel>());
OAuthOptions = new OAuthAuthorizationServerOptions {
TokenEndpointPath = new PathString("/Token"),
Provider = new OAuthAuthorizatonServer(PublicClientId, UserManagerFactory),
AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
AllowInsecureHttp = true
};
}
public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }
public static Func<UserManager<UserModel>> UserManagerFactory { get; set; }
public static string PublicClientId { get; …