为Azure Rest Webapi应用程序启用CORS
[英]Enable CORS for Azure Rest webapi application
问题描述
I have simple jQuery page that makes calls to azure restful API to get the status of VMs. 
我有一个简单的jQuery页面,该页面调用Azure静态API来获取VM的状态。 I'm facing a problem that it's complaining about Cross-Origin Resource Sharing and I can't find where to set that for the Web app/API I have. 我遇到了一个问题,那就是它抱怨跨域资源共享,而我找不到在哪里为我拥有的Web应用程序/ API设置它。
I'm using client credentials grant to get the token https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-oauth2-client-creds-grant-flow 我正在使用客户端凭据授予来获取令牌https://docs.microsoft.com/zh-cn/azure/active-directory/develop/v1-oauth2-client-creds-grant-flow
I have finished my testing and when I tried to do the calls from jQuery/JS I got the CORS problem. 我已经完成测试,当我尝试从jQuery / JS进行调用时遇到了CORS问题。
My setup involved: From Azure portal, I used App registrations to register an app of type "Web app/API", give it a homepage address "this is where it lives", created a key. 我的设置涉及:从Azure门户,我使用应用程序注册来注册类型为“ Web应用程序/ API”的应用程序,为其提供主页地址“这是它的住所”,并创建了密钥。
Using 使用
POST https://login.microsoftonline.com/<tenant id>/oauth2/token
grant_type=client_credentials
client_id=application id
client_secret=application key
resource=https://management.core.windows.net/
Am I missing any missing anything? 我是否有任何遗漏? my search keeps leading me to Azure hosted apps 我的搜索不断将我引向Azure托管应用
2 个解决方案
解决方案1
1 2018-11-14 10:47:53
You cannot use a client secret from front-end Javascript. 您不能使用前端Javascript中的客户端机密。 Your client secret will be public, it's basically your app's password. 您的客户秘密将是公开的,基本上是您应用程序的密码。
Client credentials grant is for back-end applications. 客户端凭据授予适用于后端应用程序。
You need to use eg the implicit grant flow with ADAL.JS/MSAL.JS to acquire tokens. 您需要使用ADAL.JS / MSAL.JS等隐式授予流来获取令牌。 Your front-end app also should be registered as Native since it is a public client. 您的前端应用也是公共客户端,因此也应注册为Native。
Here is a sample app: https://github.com/Azure-Samples/active-directory-javascript-singlepageapp-dotnet-webapi 这是一个示例应用程序: https : //github.com/Azure-Samples/active-directory-javascript-singlepageapp-dotnet-webapi
Oh, and the CORS error comes from Azure AD's token endpoint. 哦,CORS错误来自Azure AD的令牌终结点。 You cannot do anything about it. 您对此无能为力。
解决方案2
1 已采纳 2018-11-19 00:06:04
Okay, here is how to do it in short: 好的,这是简短的说明:
- Add Function App (charge per request) 添加功能应用程序(按请求收费)
- Open the Newly created function app 打开新创建的功能应用程序
- In Proxies, select that from the right list 在代理中,从右侧列表中选择
- Give it a name, route template will be your new endpoint URL, backend URL is your login endpoint eg: https://login.microsoftonline.com/ /oauth2/token 给它起一个名字,路由模板将是您的新端点URL, 后端URL是您的登录端点,例如: https ://login.microsoftonline.com/ / oauth2 / token
- After that, back to your function app, select the platform feature tab, Select CORS, delete all of them and enter your application URL or simply a * 之后,返回您的功能应用程序,选择平台功能选项卡,选择“ CORS”,将其全部删除,然后输入您的应用程序URL或一个*
You can be more specific with these, but this is enough to get the token. 您可以更具体地说明这些,但这足以获取令牌。 And all the other endpoint didn't have CORS problem. 并且所有其他端点都没有CORS问题。
Good luck. 祝好运。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.