[英]Thinktecture Identity Server Cors support
I'm currently stuck in a situation where by I have created a ASP Web API project and deployed in separately from my main MVC application, which uses the Thinktecture identity server for federated authentication. 目前,我陷入了这样一个局面:我创建了一个ASP Web API项目,并与我的主MVC应用程序分开部署,该应用程序使用Thinktecture身份服务器进行联合身份验证。
The problem that i'm facing has to do with the web api cors support. 我面临的问题与网络API核心支持有关。 More specifically, i authenticate my self in the mvc application but then when it sends requests to the web api i get the following error: 更具体地说,我在mvc应用程序中对自己进行身份验证,但是当它向Web api发送请求时,出现以下错误:
XMLHttpRequest cannot load XXX. The request was redirected to 'https://localhost/idsrv/issue/wsfed?wa=wsignin1.0&wtrealm=http%3a%2f%2floca…assive%2..., which is disallowed for cross-origin requests that require preflight.
The error makes sense, because the request doesn't contain the Http headers that are needed by the WSFederationAuthenticatioModule to verify that i'm already logged on. 该错误是有道理的,因为该请求不包含WSFederationAuthenticatioModule用来验证我已经登录的Http标头。
Is there any possible workaround that I'm not aware of? 是否有我不知道的可能解决方法?
As far as I see you have 3 issues here: 1. How to enable WIF authentication with the Web API. 据我所知,这里有3个问题:1.如何使用Web API启用WIF身份验证。
For this you should use Thinktecture.IdentityModel.45 (or the one for MVC 5 - Thinktecture.IdentityModel) that exists as a NuGet package. 为此,您应该使用以NuGet包形式存在的Thinktecture.IdentityModel.45(或用于MVC 5的版本-Thinktecture.IdentityModel)。 See the sample here: Web Api security sample 请在此处查看示例: Web Api安全示例
For issues 2 & 3 see: Dog fooding our api authentication 对于问题2和问题3,请参阅: 狗食我们的api身份验证
This Should also give you a good idea of how to use the security token received in your MVC site to authenticate with your Web API. 这也应该使您对如何使用在MVC站点中收到的安全令牌进行Web API身份验证有了一个好主意。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.