[英]Getting a XMLHttpRequest: Network Error 0x80070005, Access is denied
I have a token endpoint that is passed a username and password grant type to authenticate users. 我有一个令牌终结点,该终结点传递了用户名和密码授予类型来验证用户。 This token endpoint is called from an AngularJS service that is part of my MVC web front end.
从我的MVC Web前端的一部分AngularJS服务调用此令牌终结点。 When I call the service I get the following error
当我致电服务时,出现以下错误
XMLHttpRequest: Network Error 0x80070005, Access is denied.
This seems to be a CORS problem. 这似乎是一个CORS问题。 I did the following to resolve this problem with no luck thus far
我做了以下事情来解决这个问题,到目前为止还没有运气
I added the app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
我添加了
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
to my Startup.cs
file for my token web service. 到我的令牌Web服务的
Startup.cs
文件中。
public class Startup
{
public void Configuration
(
IAppBuilder app
)
{
ConfigureOAuth(app);
var config = new HttpConfiguration();
WebApiConfig.Register(config);
config.Filters.Add(new AuthorizeAttribute());
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
app.UseWebApi(config);
}
private void ConfigureOAuth
(
IAppBuilder app
)
{
app.UseOAuthAuthorizationServer(new OAuthServerOptionsProvider().Provide());
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
I also have a class that is overriding the OAuthAuthorizationServerProvider
, within the GrantResourceOwnerCredentials
method I have the following code to add all origins to the response headers 在
GrantResourceOwnerCredentials
方法中,我还有一个重写OAuthAuthorizationServerProvider
的类,我有以下代码将所有来源添加到响应标头中
public override async Task GrantResourceOwnerCredentials
(
OAuthGrantResourceOwnerCredentialsContext context
)
{
System.Web.HttpContext.Current.Response.Headers.Add("Access-Control-Allow-Origin", "*");
// Other code left out to keep this short
}
In fiddler I can see that the response header was successfully added 在提琴手中,我可以看到响应头已成功添加
Is there something I'm missing here? 我在这里想念什么吗?
Update 更新资料
Here is my request headers 这是我的请求标头
First of all I have to point out that the comments made by @maurycy helped me find the solution in the comments of this stackoverflow post. 首先,我必须指出,@ maurycy的评论帮助我在此 stackoverflow帖子的评论中找到了解决方案。
This post explains that the app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
这篇文章解释了
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
in the Startup.cs file should be moved to the top of the method and that the System.Web.HttpContext.Current.Response.Headers.Add("Access-Control-Allow-Origin", "*");
在Startup.cs文件中,应将其移至该方法的顶部,并且将
System.Web.HttpContext.Current.Response.Headers.Add("Access-Control-Allow-Origin", "*");
should be removed from the GrantResourceOwnerCredentials
class. 应该从
GrantResourceOwnerCredentials
类中删除。 So I changed the code in my question to look something like this, 因此,我将问题中的代码更改为如下所示,
public class Startup
{
public void Configuration(IAppBuilder app)
{
ConfigureOAuth(app);
var config = new HttpConfiguration();
WebApiConfig.Register(config);
config.Filters.Add(new AuthorizeAttribute());
app.UseWebApi(config);
}
private void ConfigureOAuth(IAppBuilder app)
{
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
app.UseOAuthAuthorizationServer(new OAuthServerOptionsProvider().Provide());
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
}
I also have changed the class that is overriding the OAuthAuthorizationServerProvider 我还更改了覆盖OAuthAuthorizationServerProvider的类
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
// Remove the response header that was added
// Other code left out to keep this short
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.