它显示的CORS问题:
选项https://dev-01-api-apptracker2/Admin 401(未经授权)
从'https://dev-01-api-apptracker2/Admin'访问'https://dev-01-web-apptracker2'的XMLHttpRequest已被CORS策略阻止:对预检请求的响应未通过访问控制检查:请求的资源上没有'Access-Control-Allow-Origin'标头。
但我想我已经在我的ajax代码中添加了一个标题'Access-Control-Allow-Origin':'*',并尝试了很多方法来解决这些CORS问题,我设置了dataType:'json',crossDomain:true,withCredentials :true,并且还添加不同的原始域。但我仍然得到错误。我不知道这有什么问题,任何人都可以帮助我。谢谢!!
AddAdmin: function (callback, UserId) {
$.ajax({
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json',
'Access-Control-Allow-Headers': 'origin, X-Custom-Header',
'Access-Control-Allow-Method': 'POST',
'Access-Control-Allow-Origin': '*'
},
contentType: 'application/json',
method: "POST",
url: Services.APIBaseUrl + "Admin",
dataType: 'json',
crossDomain: true,
data: JSON.stringify(UserId),
xhrFields: {
withCredentials: true
},
complete: function (data) {
callback(data);
}
});
},
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("APIAllowedOriginsPolicy",
builder =>
{
builder.WithOrigins("https://dev-01-web-apptracker2",
"http://localhost:31474")
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials();
});
});
services.Configure<MvcOptions>(options =>
{
options.Filters.Add(new CorsAuthorizationFilterFactory("APIAllowedOriginsPolicy"));
});
services.AddAuthentication(IISDefaults.AuthenticationScheme);
// Add framework services.
services
.AddMvc()
.AddJsonOptions(options =>
{
options.SerializerSettings.ContractResolver = new DefaultContractResolver();
});
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
//app.UseCors("APIAllowedOriginsPolicy");
app.UseCors(builder =>
builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials()
);
app.UseMvc();
}
我找出问题是因为IIS身份验证问题,它需要允许两个Windows auth和匿名的CORS。