Access-Control-Allow-Origin在IIS中,但不起作用
[英]Access-Control-Allow-Origin is in IIS, but not working
问题描述
I have just created my first WCF service and I would like to share it with other clients. 
我刚刚创建了我的第一个WCF服务,我想与其他客户共享。 I have added the Access-Control-Allow-Origin header in IIS, in Web.config, and in Global.asax, but remote clients are still not allowed to access the service. 我在IIS,Web.config和Global.asax中添加了Access-Control-Allow-Origin标头,但仍然不允许远程客户端访问该服务。 I have tested in Chrome and IE (our org's supported browsers). 我已经在Chrome和IE(我们的org支持的浏览器)中进行了测试。 My error is "Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource." 我的错误是“对预检请求的响应未通过访问控制检查:请求的资源上没有'Access-Control-Allow-Origin'标头。”
In Web.config: 在Web.config中:
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type"/>
<add name="Access-Control-Allow-Methods" value="POST,GET,OPTIONS"/>
</customHeaders>
</httpProtocol>
In Global.asax: 在Global.asax中:
protected void Application_BeginRequest(object sender, EventArgs e)
{
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");
if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
{
//These headers are handling the "pre-flight" OPTIONS call sent by the browser
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000");
HttpContext.Current.Response.End();
}
}
And here they are in IIS: 在这里,他们在IIS中:
Here's the JavaScript trying to access the service. 这是试图访问该服务的JavaScript。 It works locally but not remotely: 它在本地但不是远程工作:
$.ajax({
type: "POST",
url: "http://localhost/wsSamwise/Service1.svc/GetTime",
data: '{"UserName": "' + userName + '"}',
contentType: "application/json; charset=utf-8",
dataType: "json",
success: function(data) {
$("#results").html(data.GetTimeResult);
console.log(data);
}
});
All of these ideas came from various Stackoverflow threads, but none of them are working for me. 所有这些想法都来自各种Stackoverflow线程,但它们都不适用于我。 What have I missed? 我错过了什么?
EDIT: I just checked out the headers for the response in my localhost vs. the remote browser. 编辑:我刚刚在本地主机与远程浏览器中检查了响应的标头。 I see the Access-Control-Allow-Origin header in the response for my localhost, but not in the response on the remote browser. 我在本地主机的响应中看到了Access-Control-Allow-Origin标头,但在远程浏览器的响应中没有看到。 It's like it's not being sent. 这就像它没有被发送。
The response headers from my localhost: 来自我的localhost的响应标头:
Access-Control-Allow-Headers:Content-Type
Access-Control-Allow-Methods:POST,GET,OPTIONS
Access-Control-Allow-Origin:*
Access-Control-Allow-Origin:*
Cache-Control:private
Content-Length:82
Content-Type:application/json; charset=utf-8
Date:Thu, 05 May 2016 16:01:28 GMT
Server:Microsoft-IIS/7.5
X-AspNet-Version:4.0.30319
X-Powered-By:ASP.NET
The response from the remote browser: 来自远程浏览器的响应:
Allow:OPTIONS, TRACE, GET, HEAD, POST
Content-Length:0
Date:Thu, 05 May 2016 16:00:09 GMT
Public:OPTIONS, TRACE, GET, HEAD, POST
Server:Microsoft-IIS/7.5
X-Powered-By:ASP.NET
EDIT 2: Guys, maybe it's an IIS issue totally. 编辑2:伙计们,也许这完全是一个IIS问题。 I just added a custom header to IIS. 我刚刚为IIS添加了自定义标头。 It's showing up in the localhost browser, but not on the client. 它出现在localhost浏览器中,但不在客户端上。 The Body-Count header is missing from remote browser, but I see it on the local browser. 远程浏览器中缺少Body-Count标头,但我在本地浏览器上看到它。
2 个解决方案
解决方案1
1 2016-05-05 17:27:40
Use JSONP is most classic and standard for working from differente domaine (Cross-Origin Request Sharing). 使用JSONP是使用不同域名(跨域请求共享)工作的最经典和标准。 And after look to Access-Control-Allow-Origin for add specifique restriction. 然后查看Access-Control-Allow-Origin以添加特定限制。
Use JSONP like this : The new JSONP feature is exposed via the WebHttpBinding. 像这样使用JSONP:通过WebHttpBinding公开新的JSONP功能。 The configuration for the CustomersService would looks like this: CustomersService的配置如下所示:
<bindings>
<webHttpBinding>
<binding name="webHttpBindingWithJsonP" crossDomainScriptAccessEnabled="true" />
</webHttpBinding>
</bindings>
<services>
<service name="ServiceSite.CustomersService">
<endpoint address="" binding="webHttpBinding"
bindingConfiguration="webHttpBindingWithJsonP" contract="ServiceSite.CustomersService"
behaviorConfiguration="webHttpBehavior"/>
</service>
</services>
Consuming JSONP with jQuery 用jQuery消耗JSONP
// Get the JsonP data
$.getJSON('http://localhost:65025/CustomersService.svc/GetCustomers?callback=?', null, function (customers) {
alert('Received ' + customers.length + ' Customers');
});
Source: How to natively enable JSONP for existing WCF service? 来源: 如何为现有的WCF服务本地启用JSONP?
解决方案2
1 已采纳 2016-05-09 18:19:35
Make sure the Ajax URL is correct. 确保Ajax URL正确无误。
In the original code posted, the URL of my Ajax request is looking at localhost instead of the FQDN of the machine hosting the service. 在发布的原始代码中,我的Ajax请求的URL查看localhost而不是托管服务的计算机的FQDN。 That was the problem. 那就是问题所在。 Of course the Ajax request will not work if the service is not hosted at the URL. 当然,如果服务未托管在URL上,则Ajax请求将不起作用。 I was so distracted by the error message that I missed the obvious and easy solution. 我被错误信息分散了注意力,以至于我错过了明显而简单的解决方案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.