前端之家

  1. 首页
  2. 问答

.NET Core Windows身份验证-React与Postman

问答

我有一个让我发疯的问题...我有启用了CORS和Windows身份验证的后端API,看起来像这样

launchSettings.json:

"iisSettings": {
   "windowsAuthentication": true,"anonymousAuthentication": false,....
}

Startup.cs 

public void ConfigureServices(IServiceCollection services)
{
    services.AddCors();
    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_3_0);
}


public void Configure(IApplicationBuilder app,IWebHostEnvironment env)
{
     if (env.IsDevelopment())
     {
         app.UseDeveloperExceptionPage();
     }

     app.UseRouting();
     app.UseAuthentication();
     app.UseAuthorization();

     app.UseCors(builder => builder
        .AllowAnyOrigin()
        .AllowAnyHeader()
        .AllowAnyMethod());

     app.UseEndpoints(endpoints =>
     {
         endpoints.MapControllers();
      });
}

TokenController.cs 

[ApiController]
[Route("[controller]")]
public class TokenController : ControllerBase
{
    private TokenService userService;
    IHttpContextaccessor httpContextaccessor;

    public TokenController(TokenService _userService,IHttpContextaccessor _httpContextaccessor)
    {
        userService = _userService;
        httpContextaccessor = _httpContextaccessor;
    }

    /// <summary>
    /// Creates token for domain signed user of Unicredit group
    /// </summary>
    /// <returns>Authenticate</returns>
    [HttpGet]
    [Route("")]
    [ProducesResponseType(typeof(string),200)]
    [ProducesResponseType(typeof(string),400)]
    [ProducesResponseType(typeof(string),404)]
    [Produces("application/json")]
    public IactionResult Authenticate()
    {
        string username = httpContextaccessor.HttpContext.User.Identity.Name;
        ... further reading from AD and making JWT token 
    }

反应-Authenticate.js(进行简单提取)

fetch(`${AuthenticationEndpoint}/`)
     .then(response => response.json())
     .then(data => this.onSetResult(data));

因此,当我使用Boomerang(类似于邮递员)调用API并为GET做简单的https://localhost:{port}/Token/时,我会得到status 200和JWT令牌,但是一旦我从React应用程序中获取信息,我就会不断出错:

access to fetch at 'https://localhost:44351/Token/' from origin 'http://localhost:3000' has been blocked by CORS policy

我了解Boomerang和Postman不受政策限制,这就是为什么它们可以传递给我的API的原因,但是如何让我的应用程序访问我的API?

diamondzvn 回答:.NET Core Windows身份验证-React与Postman

已修复

因为我有

/TT3 1 Tf
11.9951 0 0 12 71.94 420.9803 Tm     //scale x=11.9951  scaley=12   x position=71.94 y position=420.9803
<0003>Tj
/TT2 1 Tf
1.6657 -1.22 TD   //x position=71.94+1.6657 y position=420.9803-1.22
-.0016 Tc
(2\))Tj   //x position=71.94+1.6657-0.0016 y position=420.9803-1.22
/TT6 1 Tf
.8203 0 TD   //x position=71.94+1.6657-0.0016+0.8203
0 Tc
( )Tj
/TT3 1 Tf
10.016 0 0 10.02 71.94 237.6803 Tm  //x position=71.94 y position=237.6803
<0003>Tj
/TT2 1 Tf

我的cors期望使用用户名,以便查询AD和制作JWT令牌

我必须更改访存,并将"iisSettings": { "windowsAuthentication": true,"anonymousAuthentication": false,设置为credentials,然后在Startup.cs中更改include 

useCors

后端的CORS设置如下:

fetch(`${AuthenticationEndpoint}/Authenticate`,{
            credentials: "include",method: "GET",'Accept': 'application/json','Content-Type': 'application/json',}).then((response) => {
            response.json().then(data => {
                this.onSetResult(data);
            })
 });
.net-corecorsfetchreactjs
本文链接:https://www.f2er.com/3145011.html

大家都在问