
Logout with Angular WebApi : Error OPTIONS

When I disconnect with my Angular application through my WebApi, my request is rejected during the OPTIONS call.

I use OpenIddict and ASP.NET Core 2.2, and I call this method:

[HttpGet("~/connect/logout")]
public async Task<IActionResult> Logout()
{
    await _signInManager.SignOutAsync();
    return SignOut(OpenIddictServerDefaults.AuthenticationScheme);
}

I have this error:

info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 OPTIONS http://localhost:44300/connect/logout
fail: OpenIddict.Server.Internal.OpenIddictServerHandler[0]
      The logout request was rejected because an invalid HTTP method was specified: OPTIONS.
info: OpenIddict.Server.Internal.OpenIddictServerHandler[0]
      The logout response was successfully returned as a plain-text document: { "error": "invalid_request", "error_description": "The specified HTTP method is not valid." }.

I have no problem with my other APIs.

The fact an OPTIONS request is sent - most likely a preflight CORS request in this case - makes me think you tried to use the logout endpoint as an "API endpoint", something it's not made for.

Pretty much like the authorization endpoint, the logout endpoint is an interactive endpoint, designed to be used with good old redirects, and optionally a consent screen, to inform the user he or she's about to be logged out (and thus, prevent unwanted logouts, that are usually seen as targeted "DOS" attacks).

Assuming you don't want a consent screen, consider sending the logout request in a hidden iframe, instead of using XMLHttpRequest.
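The hidden-iframe approach suggested in the answer above, sketched as an added example (not code from the original answer or from OpenIddict). The helper names `buildLogoutUrl` and `logoutInHiddenIframe` are hypothetical; `id_token_hint` and `post_logout_redirect_uri` are the standard OpenID Connect logout parameters, and the `doc` argument is the browser's `document`.

```javascript
// Added example: buildLogoutUrl and logoutInHiddenIframe are hypothetical helpers.

// Build the logout URL. Both OpenID Connect parameters are optional.
function buildLogoutUrl(endpoint, { idTokenHint, postLogoutRedirectUri } = {}) {
  const url = new URL(endpoint);
  if (idTokenHint) url.searchParams.set('id_token_hint', idTokenHint);
  if (postLogoutRedirectUri) {
    url.searchParams.set('post_logout_redirect_uri', postLogoutRedirectUri);
  }
  return url.toString();
}

// Navigate a hidden iframe to the logout URL. The frame issues an ordinary
// GET navigation rather than an XMLHttpRequest, so no OPTIONS preflight is sent.
// `doc` is passed in (normally window.document) so the function can be tested
// with a stub. The promise settles on load, error, or timeout, and the frame
// is always removed afterwards.
function logoutInHiddenIframe(doc, logoutUrl, timeoutMs = 5000) {
  return new Promise((resolve, reject) => {
    const frame = doc.createElement('iframe');
    let timer = null;

    const finish = (error) => {
      clearTimeout(timer);
      frame.onload = null;
      frame.onerror = null;
      if (frame.parentNode) frame.parentNode.removeChild(frame);
      if (error) reject(error);
      else resolve();
    };

    frame.style.display = 'none';
    frame.setAttribute('aria-hidden', 'true');
    frame.onload = () => finish();
    frame.onerror = () => finish(new Error('logout frame failed to load'));
    timer = setTimeout(() => finish(new Error('logout frame timed out')), timeoutMs);

    frame.src = logoutUrl;
    doc.body.appendChild(frame);
  });
}
```

This only signs the user out if the server's responses may be framed by the application's origin and the browser sends the server's session cookie inside that frame.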
