Blazor Client App configuring request to send cookies on CORS failing
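I have a Blazor WASM client app trying to send a cookie to my ASP.NET API, both on localhost but on different ports, so CORS is needed.

I have configured and applied the CORS policy on the API side, but I am having trouble figuring out the right options or header settings on the client request side. In Chrome dev tools I see the cookie in the headers, but it doesn't seem to reach the API, because the cookie count on that side returns zero.

I have tested the API controller directly in the browser with a GET and the cookie works fine, so it must be a problem with CORS and cookies together.

Here is the code snippet from the Blazor WASM client action (I have commented out other failed configuration attempts):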
```csharp
private async void CheckCookie()
{
    HttpClient client = new HttpClient();
    HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Get, "https://localhost:7139/ValidateCookie");
    //requestMessage.Options.Set(new HttpRequestOptionsKey<string>(),"true");
    //requestMessage.Options.Append(new KeyValuePair<string, object>("credentials","include"));
    requestMessage.Options.Set(new HttpRequestOptionsKey<string>("Access-Control-Request-Headers"),"Cookie");
    requestMessage.Options.Set(new HttpRequestOptionsKey<string>("Access-Control-Allow-Origin"),"http://localhost:5196");
    requestMessage.Options.Set(new HttpRequestOptionsKey<string>("Access-Control-Allow-Methods"),"GET");
    //requestMessage.Headers.Add("Access-Control-Allow-Credentials","true");
    //requestMessage.Headers.Add("withCredentials","true");
    CommunityObject[] subbedCommunities;
    List<CommunityObject> listSubbedCommunities = new List<CommunityObject>();
    HttpResponseMessage returnMessage = await client.SendAsync(requestMessage);
    var stream = returnMessage.Content.ReadAsStreamAsync();
    var contentstring = returnMessage.Content.ReadAsStringAsync();
    Console.WriteLine("Community CheckCookie return stream result: " + stream.Result);
    cookieresult = contentstring.Result;
}
```
Here is my current program.cs CORS configuration (I have also tried setting the origin to localhost:port-the-client-is-using):
```csharp
builder.Services.AddCors(options =>
{
    options.AddPolicy("CookiePolicy",
        policy =>
        {
            policy.AllowCredentials().AllowAnyHeader().AllowAnyMethod().SetIsOriginAllowed(origin => new Uri(origin).Host == "localhost");
        });
});
```
Here is the controller being called:
```csharp
public class ValidateCookieToken : ControllerBase
{
    [EnableCors("CookiePolicy")]
    [HttpGet("/ValidateCookie")]
    public String Get()
    {
        String bearertoken;
        Console.WriteLine("ValidateCookies Headers Keys: " + Request.Headers.Keys);
        foreach (var VARIABLE in Request.Headers.Keys)
        {
            Console.WriteLine("ValCookie Key: " + VARIABLE + " - Value: " + Request.Headers[VARIABLE]);
        }
        Console.WriteLine("ValidateCookies current cookie count: " + Request.Cookies.Count);
        Console.WriteLine("Validatecookies cookie keys: " + Request.Cookies.Keys);
        Console.WriteLine("ValCook headers cookie: " + Request.Headers.Cookie.ToString());
        Request.Cookies.TryGetValue("bearer", out bearertoken);
        String decodedbearer = Encoding.ASCII.GetString(Convert.FromBase64String(bearertoken));
        return decodedbearer;
    }
}
```
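Most importantly, is there a way to log CORS transactions, so I can at least debug it from that end? As it stands, I don't know on which side, client or API, the CORS cookie is being blocked.

Edit: below is the login controller that adds the cookie.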
```csharp
[HttpGet("/Login")]
public String Get(String Email, String Pass)
{
    String token = null;
    token = Auth.Login(Email, Pass);
    if (token != null)
    {
        String basicauth = Convert.ToBase64String(Encoding.ASCII.GetBytes(Email+":"+token));
        CookieOptions cookieOptions = new CookieOptions();
        Console.WriteLine("Cookie path is: " + cookieOptions.Path);
        Console.WriteLine("Cookie domain is: " + cookieOptions.Domain);
        Console.WriteLine("Cookie isEssential: " + cookieOptions.IsEssential);
        Console.WriteLine("Cookie Samesite: " + cookieOptions.SameSite);
        Console.WriteLine("Cookie secure: " + cookieOptions.Secure);
        Console.WriteLine("Cookie expires: " + cookieOptions.Expires);
        Console.WriteLine("Cookie httponly: " + cookieOptions.HttpOnly);
        Console.WriteLine("Cookie max age: " + cookieOptions.MaxAge);
        cookieOptions.IsEssential = true;
        cookieOptions.SameSite = SameSiteMode.Lax;
        cookieOptions.Secure = false;
        Response.Cookies.Append("bearer",basicauth,cookieOptions);
        Console.WriteLine("Cookie count after login: " + Request.Cookies.Count);
        return basicauth;
    }
    return "token was null";
}
```
Are you getting any message on the client side? This could be a preflight matter where your API doesn't allow the cookie header or needs Access-Control-Allow-Credentials configured
https://livebook.manning.com/book/cors-in-action/chapter-5/4
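
An added example, not part of the original question or comment: in Blazor WebAssembly the browser's fetch decides whether cookies accompany a cross-origin request, and that is switched on per request with `SetBrowserRequestCredentials`; the `Access-Control-*` names are response headers the API emits, so setting them on the request has no effect. The class name `CookieCheckClient` and the injected `HttpClient` are assumptions; the URL is the one from the question.

```csharp
using System.Net.Http;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Components.WebAssembly.Http;

// Hypothetical helper for a Blazor WebAssembly client (name is an assumption).
public sealed class CookieCheckClient
{
    private readonly HttpClient _http;

    // Assumes an HttpClient supplied by the app's dependency injection.
    public CookieCheckClient(HttpClient http) => _http = http;

    // Returns Task (not async void) so callers can await it and observe failures.
    public async Task<string> CheckCookieAsync()
    {
        using var request = new HttpRequestMessage(
            HttpMethod.Get, "https://localhost:7139/ValidateCookie");

        // Equivalent of fetch(url, { credentials: "include" }): the browser
        // attaches cookies it holds for the API origin to this request.
        request.SetBrowserRequestCredentials(BrowserRequestCredentials.Include);

        // No Access-Control-* values are set here. The browser adds the Origin
        // header itself and enforces the CORS headers found in the response.
        using HttpResponseMessage response = await _http.SendAsync(request);

        // A response rejected by the browser's CORS check never reaches this
        // point: SendAsync throws HttpRequestException and the reason is
        // reported in the browser console, not in the API's output.
        response.EnsureSuccessStatusCode();

        // Await the content instead of blocking on .Result, which is not
        // supported on the single-threaded WebAssembly runtime.
        return await response.Content.ReadAsStringAsync();
    }
}
```

For a credentialed request the browser only exposes the response when the API answers with the caller's exact origin in `Access-Control-Allow-Origin` (not `*`) and `Access-Control-Allow-Credentials: true`, which is what `AllowCredentials()` combined with `SetIsOriginAllowed` in the question's policy is meant to produce. The cookie's own `SameSite` and `Secure` attributes are checked separately from CORS and can still keep it off the request.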