如何在我的 ASP.NET 核心 WebApi 项目中全局启用 CORS
How to enable CORS globally in my ASP.NET core WebApi project
我正在尝试将我的 Web Api2 迁移到 ASP.NET 核心 Web api 项目。在我的项目中,我们正在使用 EnableCors 功能。
我在 Microsoft 站点上找到了此文档,我将其用作参考 - https://docs.asp.net/en/latest/security/cors.html
如 'Enabling CORS in MVC' 部分所述,我正尝试在 ConfigureServices 中全局启用 cors,就像这样 -
services.Configure<MvcOptions>(options =>
{
options.Filters.Add(new CorsAuthorizationFilterFactory("AllowSpecificOrigin"));
});
但是,我收到了这个我无法理解的错误-
The call is ambiguous between the following methods or properties:
'Microsoft.Extensions.DependencyInjection.OptionsServiceCollectionExtensions.Configure(Microsoft.Extensions.DependencyInjection.IServiceCollection,
System.Action)' and
'Microsoft.Extensions.DependencyInjection.OptionsServiceCollectionExtensions.Configure(Microsoft.Extensions.DependencyInjection.IServiceCollection,
System.Action)'
在此处参考错误屏幕截图 - ERROR scrrenshot
谁能告诉我如何在我的 ASP.NET 核心 WebApi 项目中全局启用 CORS?
Project.json:
{
"userSecretsId": "aspnet5-MVC6",
"version": "1.4.0-*",
"buildOptions": {
"emitEntryPoint": true,
"preserveCompilationContext": true
},
"dependencies": {
"Microsoft.ApplicationInsights.AspNetCore": "1.0.0",
"Microsoft.AspNetCore.Authentication.Cookies": "1.0.0",
"Microsoft.AspNetCore.Diagnostics": "1.0.0",
"Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore": "1.0.0",
"Microsoft.AspNetCore.Identity": "1.0.0",
"Microsoft.AspNetCore.Identity.EntityFrameworkCore": "1.0.0",
"Microsoft.AspNetCore.Mvc": "1.0.0",
"Microsoft.AspNetCore.Mvc.TagHelpers": "1.0.0",
"Microsoft.AspNet.Cors": "6.0.0-rc1-final",
"Microsoft.AspNetCore.Server.IISIntegration": "1.0.0",
"Microsoft.AspNetCore.Server.Kestrel": "1.0.0",
"Microsoft.AspNetCore.StaticFiles": "1.0.0",
"Microsoft.EntityFrameworkCore": "1.0.0",
"Microsoft.EntityFrameworkCore.SqlServer": "1.0.0",
"Microsoft.Extensions.Configuration.CommandLine": "1.0.0",
"Microsoft.Extensions.Configuration.FileExtensions": "1.0.0",
"Microsoft.Extensions.Configuration.Json": "1.0.0",
"Microsoft.Extensions.Configuration.UserSecrets": "1.0.0",
"Microsoft.Extensions.Logging": "1.0.0",
"Microsoft.Extensions.Logging.Console": "1.0.0",
"Microsoft.Extensions.Logging.Debug": "1.0.0",
"Microsoft.VisualStudio.Web.BrowserLink.Loader": "14.0.0"
},
"tools": {
"BundlerMinifier.Core": "2.0.238",
"Microsoft.AspNetCore.Razor.Tools": "1.0.0-preview2-final",
"Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-preview2-final",
"Microsoft.Extensions.SecretManager.Tools": "1.0.0-preview2-final"
},
"frameworks": {
"netcoreapp1.0": {
"imports": [
"dnxcore50"
],
"dependencies": {
"Microsoft.NETCore.App": {
"type": "platform",
"version": "1.0.0"
}
}
},
"net461": {
"dependencies": {
"Microsoft.VisualStudio.Web.CodeGenerators.Mvc": "1.0.0-preview2-final"
}
}
},
"publishOptions": {
"exclude": [
"**.user",
"**.vspscc",
"wwwroot",
"node_modules"
]
},
"scripts": {
"prepublish": [ "npm install", "bower install", "gulp clean", "gulp min" ]
}
}
您混淆了依赖项。
"Microsoft.AspNet.Cors": "6.0.0-rc1-final"
是一个非常旧的版本,导致您的解决方案加载了两个具有相同命名空间和类型的不同程序集,并且编译器不知道要使用哪一个。
改为
"Microsoft.AspNetCore.Cors": "1.0.0"
所有 Microsoft.AspNet.* 包都非常旧,不应使用。他们都用 RC2
重命名为 Microsoft.AspNetCore.*
Asp.Net 文档说:
要为您的应用程序设置 CORS,请将 Microsoft.AspNetCore.Cors 包添加到您的项目中。
在 Startup.cs 中添加 CORS 服务:
public void ConfigureServices(IServiceCollection services)
{
services.AddCors();
}
要为您的整个应用程序启用 CORS,请使用 UseCors 将 CORS 中间件添加到您的请求管道
扩展方法。请注意,CORS 中间件必须在您的应用程序中要支持 cross-origin 请求的任何已定义端点之前(例如,在对 UseMvc 的任何调用之前)。
您可以在使用 CorsPolicyBuilder class 添加 CORS 中间件时指定 cross-origin 策略。使用 lambda 调用 UseCors:
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
// Shows UseCors with CorsPolicyBuilder.
app.UseCors(builder =>
builder.WithOrigins("http://example.com").AllowAnyMethod().AllowAnyHeader());
app.Run(async (context) =>
{
await context.Response.WriteAsync("Hello World!");
});
}
我正在尝试将我的 Web Api2 迁移到 ASP.NET 核心 Web api 项目。在我的项目中,我们正在使用 EnableCors 功能。
我在 Microsoft 站点上找到了此文档,我将其用作参考 - https://docs.asp.net/en/latest/security/cors.html
如 'Enabling CORS in MVC' 部分所述,我正尝试在 ConfigureServices 中全局启用 cors,就像这样 -
services.Configure<MvcOptions>(options =>
{
options.Filters.Add(new CorsAuthorizationFilterFactory("AllowSpecificOrigin"));
});
但是,我收到了这个我无法理解的错误-
The call is ambiguous between the following methods or properties: 'Microsoft.Extensions.DependencyInjection.OptionsServiceCollectionExtensions.Configure(Microsoft.Extensions.DependencyInjection.IServiceCollection, System.Action)' and 'Microsoft.Extensions.DependencyInjection.OptionsServiceCollectionExtensions.Configure(Microsoft.Extensions.DependencyInjection.IServiceCollection, System.Action)'
在此处参考错误屏幕截图 - ERROR scrrenshot
谁能告诉我如何在我的 ASP.NET 核心 WebApi 项目中全局启用 CORS?
Project.json:
{
"userSecretsId": "aspnet5-MVC6",
"version": "1.4.0-*",
"buildOptions": {
"emitEntryPoint": true,
"preserveCompilationContext": true
},
"dependencies": {
"Microsoft.ApplicationInsights.AspNetCore": "1.0.0",
"Microsoft.AspNetCore.Authentication.Cookies": "1.0.0",
"Microsoft.AspNetCore.Diagnostics": "1.0.0",
"Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore": "1.0.0",
"Microsoft.AspNetCore.Identity": "1.0.0",
"Microsoft.AspNetCore.Identity.EntityFrameworkCore": "1.0.0",
"Microsoft.AspNetCore.Mvc": "1.0.0",
"Microsoft.AspNetCore.Mvc.TagHelpers": "1.0.0",
"Microsoft.AspNet.Cors": "6.0.0-rc1-final",
"Microsoft.AspNetCore.Server.IISIntegration": "1.0.0",
"Microsoft.AspNetCore.Server.Kestrel": "1.0.0",
"Microsoft.AspNetCore.StaticFiles": "1.0.0",
"Microsoft.EntityFrameworkCore": "1.0.0",
"Microsoft.EntityFrameworkCore.SqlServer": "1.0.0",
"Microsoft.Extensions.Configuration.CommandLine": "1.0.0",
"Microsoft.Extensions.Configuration.FileExtensions": "1.0.0",
"Microsoft.Extensions.Configuration.Json": "1.0.0",
"Microsoft.Extensions.Configuration.UserSecrets": "1.0.0",
"Microsoft.Extensions.Logging": "1.0.0",
"Microsoft.Extensions.Logging.Console": "1.0.0",
"Microsoft.Extensions.Logging.Debug": "1.0.0",
"Microsoft.VisualStudio.Web.BrowserLink.Loader": "14.0.0"
},
"tools": {
"BundlerMinifier.Core": "2.0.238",
"Microsoft.AspNetCore.Razor.Tools": "1.0.0-preview2-final",
"Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-preview2-final",
"Microsoft.Extensions.SecretManager.Tools": "1.0.0-preview2-final"
},
"frameworks": {
"netcoreapp1.0": {
"imports": [
"dnxcore50"
],
"dependencies": {
"Microsoft.NETCore.App": {
"type": "platform",
"version": "1.0.0"
}
}
},
"net461": {
"dependencies": {
"Microsoft.VisualStudio.Web.CodeGenerators.Mvc": "1.0.0-preview2-final"
}
}
},
"publishOptions": {
"exclude": [
"**.user",
"**.vspscc",
"wwwroot",
"node_modules"
]
},
"scripts": {
"prepublish": [ "npm install", "bower install", "gulp clean", "gulp min" ]
}
}
您混淆了依赖项。
"Microsoft.AspNet.Cors": "6.0.0-rc1-final"
是一个非常旧的版本,导致您的解决方案加载了两个具有相同命名空间和类型的不同程序集,并且编译器不知道要使用哪一个。
改为
"Microsoft.AspNetCore.Cors": "1.0.0"
所有 Microsoft.AspNet.* 包都非常旧,不应使用。他们都用 RC2
Microsoft.AspNetCore.*
Asp.Net 文档说:
要为您的应用程序设置 CORS,请将 Microsoft.AspNetCore.Cors 包添加到您的项目中。 在 Startup.cs 中添加 CORS 服务:
public void ConfigureServices(IServiceCollection services)
{
services.AddCors();
}
要为您的整个应用程序启用 CORS,请使用 UseCors 将 CORS 中间件添加到您的请求管道
扩展方法。请注意,CORS 中间件必须在您的应用程序中要支持 cross-origin 请求的任何已定义端点之前(例如,在对 UseMvc 的任何调用之前)。
您可以在使用 CorsPolicyBuilder class 添加 CORS 中间件时指定 cross-origin 策略。使用 lambda 调用 UseCors:
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
// Shows UseCors with CorsPolicyBuilder.
app.UseCors(builder =>
builder.WithOrigins("http://example.com").AllowAnyMethod().AllowAnyHeader());
app.Run(async (context) =>
{
await context.Response.WriteAsync("Hello World!");
});
}