使用 Windows 身份验证时 SignalR 客户端 CORS 错误
SignalR client CORS error when using Windows authentication
我在 ASP.NET Core 2.2 服务器应用程序上实施 Windows 身份验证,除 Angular 8 应用程序中的 SignalR 外,一切正常。我收到的错误如下:
Access to XMLHttpRequest at 'http://localhost:2110/api/aircrafts/hub/negotiate' from origin 'http://localhost:2302' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
localhost:2302 是客户端部分 运行 Angular 8 with @ aspnet/signalr@1.1.4 和 localhost:2110 是服务器部分。这是我的服务器代码:
Startup.cs 配置方法
app.UseCors("CORS");
app.UseAuthentication();
var relativeUri = webSettings.SignalRAircraftsUri.ToString();
app.UseSignalR(hubs => { hubs.MapHub<AircraftsHub>(relativeUri); });
Startup.cs ConfigureServices 方法
services.AddCors(options =>
{
options.AddPolicy("CORS", builder =>
{
builder
.AllowAnyMethod()
.AllowAnyHeader()
.WithOrigins(webSettings.AllowedHosts.ToArray())
.AllowCredentials();
});
});
services.AddSignalR();
services.AddAuthentication(IISDefaults.AuthenticationScheme);
webSettings.AllowedHosts 包含 localhost:2302.
launchsettings.json:
"iisSettings": {
"windowsAuthentication": true,
"anonymousAuthentication": false,
"iisExpress": {
"applicationUrl": "http://localhost:2110",
"sslPort": 0
}
},
这是 Angular 代码:
const signalRConnection = new signalR.HubConnectionBuilder().withUrl(url).build();
signalRConnection.start();
其中 url 是 localhost:2110/api/aircrafts/hub
如有任何帮助,我们将不胜感激。
首先,您不应该使用包 @aspnet/signalr@1.1.4,因为它已被 Microsoft 放弃并迁移到 package @microsoft/signalr and it is already on version 3.1.0, as you can see in this documentation。
关于 CORS,您应该像这样配置您的 CORS:
services.AddCors(options =>
{
options.AddPolicy(CorsPolicy, builder => builder.WithOrigins(webSettings.AllowedHosts.ToArray())
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials()
.SetIsOriginAllowed((host) => true));
});
我在 ASP.NET Core 2.2 服务器应用程序上实施 Windows 身份验证,除 Angular 8 应用程序中的 SignalR 外,一切正常。我收到的错误如下:
Access to XMLHttpRequest at 'http://localhost:2110/api/aircrafts/hub/negotiate' from origin 'http://localhost:2302' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
localhost:2302 是客户端部分 运行 Angular 8 with @ aspnet/signalr@1.1.4 和 localhost:2110 是服务器部分。这是我的服务器代码:
Startup.cs 配置方法
app.UseCors("CORS");
app.UseAuthentication();
var relativeUri = webSettings.SignalRAircraftsUri.ToString();
app.UseSignalR(hubs => { hubs.MapHub<AircraftsHub>(relativeUri); });
Startup.cs ConfigureServices 方法
services.AddCors(options =>
{
options.AddPolicy("CORS", builder =>
{
builder
.AllowAnyMethod()
.AllowAnyHeader()
.WithOrigins(webSettings.AllowedHosts.ToArray())
.AllowCredentials();
});
});
services.AddSignalR();
services.AddAuthentication(IISDefaults.AuthenticationScheme);
webSettings.AllowedHosts 包含 localhost:2302.
launchsettings.json:
"iisSettings": {
"windowsAuthentication": true,
"anonymousAuthentication": false,
"iisExpress": {
"applicationUrl": "http://localhost:2110",
"sslPort": 0
}
},
这是 Angular 代码:
const signalRConnection = new signalR.HubConnectionBuilder().withUrl(url).build();
signalRConnection.start();
其中 url 是 localhost:2110/api/aircrafts/hub
如有任何帮助,我们将不胜感激。
首先,您不应该使用包 @aspnet/signalr@1.1.4,因为它已被 Microsoft 放弃并迁移到 package @microsoft/signalr and it is already on version 3.1.0, as you can see in this documentation。
关于 CORS,您应该像这样配置您的 CORS:
services.AddCors(options =>
{
options.AddPolicy(CorsPolicy, builder => builder.WithOrigins(webSettings.AllowedHosts.ToArray())
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials()
.SetIsOriginAllowed((host) => true));
});