如何通过使用CORS的WebAPI控制器将来自其他域的值放入模型中?
[英]How do I put a value from a different domain in my Model through a WebAPI Controller using CORS?
问题描述
The application takes requests from a different, non-ASP.NET web application. 
该应用程序接收来自另一个非ASP.NET Web应用程序的请求。 I've implemented Cross-Origin Resource Sharing and now I need to get a value from the request. 我已经实现了跨域资源共享,现在我需要从请求中获取价值。
My Model 我的模特
public class User
{
public int userID { get; set;}
public string username { get; set; }
public string password { get; set;}
public int group { get; set; }
public string permission { get; set;}
}
My Controller 我的控制器
[EnableCors("*", "*", "*")]
public class LoginController : ApiController
{
public User[] PutUser()
{
//this is where I want to create a user through requests to further work with the application
}
}
How could I do this? 我该怎么办?
1 个解决方案
解决方案1
0 已采纳 2015-11-13 08:58:06
I have implemented something similar in an MVC project where I'm calling to our application from a different domain. 我在MVC项目中实现了类似的功能,在该项目中,我从另一个域调用我们的应用程序。 To do this, you need to add the Access-Control-Allow-Origin header with value of the Origin (origin of the request) to your response. 为此,您需要在响应中添加带有Origin值(请求的来源)的Access-Control-Allow-Origin标头。 I imagine this method will work for web api too. 我想这种方法也适用于Web API。 You don't want to allow requests from any website! 您不想允许来自任何网站的请求! This method will allow you to respond to the initial request, which it seems like you want to do as you're returning an array of users. 此方法将允许您响应初始请求,这似乎是您要返回的用户数组时要执行的操作。
I found the easiest way was to create an attribute that you can decorate your methods with: 我发现最简单的方法是创建一个属性,您可以使用该属性来装饰您的方法:
public class AllowCrossSiteAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
switch (filterContext.RequestContext.HttpContext.Request.Headers["Origin"])
{
case "https://myotherwebsite1.com":
filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", filterContext.RequestContext.HttpContext.Request.Headers["Origin"]);
break;
case "https://myotherwebsite2.com":
filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", filterContext.RequestContext.HttpContext.Request.Headers["Origin"]);
break;
default:
filterContext.Result = new EmptyResult();
break;
}
base.OnActionExecuting(filterContext);
}
}
The switch statement checks the origin and makes sure it's from a trusted source. switch语句检查源,并确保它来自受信任的源。 You don't need to hard code these, but for talk sake I have. 您无需对这些代码进行硬编码,但出于对话的考虑,我有。 If you get a match we add the appropriate header to the response. 如果您找到匹配项,则将适当的标题添加到响应中。
You can then decorate your method with this attribute: 然后,您可以使用以下属性装饰您的方法:
[AllowCrossSite]
public class LoginController : ApiController
{
public User[] PutUser()
{
//this is where I want to create a user through requests to further work with the application
}
}
To actually send data from the other application you could use a jquery Ajax request or just a form post, but make sure the method is set to PUT or POST (depending on what you want to do, it's unclear from the naming) if your application relies on verbs. 要从其他应用程序实际发送数据,您可以使用jquery Ajax请求或仅使用表单发布,但请确保将方法设置为PUT或POST(取决于您要执行的操作,根据命名尚不清楚)依靠动词。
You could gather the requested data in a FormDataCollection I believe: 您可以在FormDataCollection中收集请求的数据,我相信:
public public User[] PutUser(FormDataCollection form)
{
//...
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.