I'm trying to figure out what it is I'm missing in my approach that's preventing my WCF service from being accessed. If I try to access the service via an AJAX request from the same domain, there's no issue.
我试图找出我的方法中缺少的阻止我的WCF服务被访问的东西。如果我试图通过来自同一域的AJAX请求访问该服务,那么没有问题。
I've taken the advice I've seen elsewhere on the site to add to the <httpProtocol> tag in the web.config in order to enable CORS, but it doesn't seem to be working (note the first few elements in customHeaders are there for different security reasons):
我采纳了在网站其他地方看到的建议,将其添加到web中的
<location path="FooBar.svc">
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Request-Method" value="POST"/>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type, X-Requested-With, X-Custom-Header" />
</customHeaders>
</httpProtocol>
</system.webServer>
</location>
Despite this being in place, I still get an error (using IE Developer Tools) when trying to call the service from a separate page: "XMLHttpRequest for ... required Cross Origin Resource Sharing (CORS)"
尽管已经设置好了,但是当我试图从另一个页面调用服务时,仍然会出现一个错误(使用IE Developer工具):“XMLHttpRequest for…”需要的跨源资源共享(CORS)"
My jQuery ajax call (Post) has values set for use with CORS, as well:
我的jQuery ajax调用(Post)也设置了用于CORS的值:
crossDomain: true,
xhrFields: { withCredentials: true },
I've even tried adding a fix for potential IE XDR issues, from https://github.com/jaubourg/ajaxHooks/blob/master/src/xdr.js, with no effect (I'm using IE11, so I wouldn't expect it)
我甚至尝试为潜在的IE XDR问题添加一个补丁,从https://github.com/jaubourg/ajaxHooks/blob/master/src/xdr.js,没有效果(我正在使用IE11,所以我不会期待它)。
Anyone have any ideas as to what might be going wrong here?
有人知道这里出了什么问题吗?
(EDIT: the service itself is set up with these Attributes, if it makes a difference:
(编辑:服务本身设置了这些属性,如果有区别的话:
[OperationContract]
[WebInvoke(Method = "POST",
BodyStyle = WebMessageBodyStyle.WrappedRequest,
ResponseFormat = WebMessageFormat.Json)]
)
)
(EDIT 2: In case it's meaningful, the service has to be part of an all-HTTPS site which uses Forms Authentication - and the service needs to use the same login credentials as the site. )
(编辑2:如果有意义的话,服务必须是一个全https站点的一部分,它使用表单身份验证——而且服务需要使用与站点相同的登录凭证。)
6 个解决方案
#1
7
Enabling CORS to true in backend server where service is hosted should ideally solve the problem. However there is one more way... You can have a wrapper in between jQuery code and WCF service ( Note: It's one of the approach you have to suggest in the team when you do not have the access to modify for example htaccess file in apache where we set the CORS to have access to other domain accessing our service). So the approach goes like this....
在托管服务的后端服务器中启用CORS是理想的解决方案。然而,还有一种方法……你可以有一个包装器之间的jQuery代码和WCF服务(注:这是一个团队中你需要建议的方法当你没有访问修改例如htaccess apache中我们设置歌珥访问其他域访问我们的服务)。因此,方法是这样....
jQuery Code -> Wrapper (Webmethod in .NET) -> WCF servicejQuery代码->包装器(.NET中的Webmethod) -> WCF服务
jQuery code and Wrapper resides in the same domain. jQuery calls webmethod which in turn fire a call to respective WCF service method to get the data. The downfall of this approach is that the request traverse through one more layer, the reason why I have mentioned Note in the beginning.
jQuery代码和包装器驻留在同一个域中。jQuery调用webmethod, webmethod反过来调用相应的WCF服务方法来获取数据。这种方法的缺点是请求要遍历另一个层,这就是为什么我在开始时提到了Note。
#2
5
Your <customHeaders> web.config section is set up for CORS requests without credentials. You need a different configuration to allow CORS requests with credentials:
你的< customHeaders > web。配置部分是为没有凭据的CORS请求设置的。您需要一个不同的配置来允许具有凭证的CORS请求:
-
Set an additional
Access-Control-Allow-Credentialsheader totrue.将附加的访问控制允许的凭据头设置为true。
-
Access-Control-Allow-Originheader cannot be set to*. You have to return a case-sensitive match for the CORS request origin/host.无法将访问控制允许的源头设置为*。您必须为CORS请求源/主机返回一个大小写敏感的匹配项。
Source: 7.2 Resource Sharing Check (W3C Recommendation for Cross-Origin Resource Sharing)
来源:7.2资源共享检查(跨源资源共享W3C推荐标准)
#3
5
If your service is on HTTPS and if you are using self signed SSL Certificate then Cross Domain calls will Fail despite web.config setting done for Access-Control-Allow-Origin header. You should try importing Valid SSL Certificate into your IIS and see what you get.
如果您的服务是HTTPS,如果您使用自签名的SSL证书,那么跨域调用将在web中失败。为Access-Control-Allow-Origin头完成的配置设置。您应该尝试将有效的SSL证书导入IIS,看看会得到什么。
#4
4
Have you tried with $.support.cors = true in jquery.
你试过$.support吗?在jquery中,cors = true。
#5
4
With WCF, you need to do more than just adding the custom headers in web.config. Just editing web.config is sufficient for an ASP.NET Web API, but if that's not what you're working on, you'll need to add custom code to allow the OPTIONS header, within your web service. Basically, you need to create a message inspector and then some endpoint behavior that uses the message inspector class to add the required headers.
使用WCF,您需要做的不仅仅是在web.config中添加自定义头。只是网络编辑。配置对于ASP来说就足够了。NET Web API,但是如果这不是您正在处理的,那么您需要添加自定义代码,以便在Web服务中允许选项头。基本上,您需要创建一个消息检查器,然后创建一些端点行为,使用消息检查器类添加所需的头。
For code and an example service, see the WCF page on enable-cors.org.
有关代码和示例服务,请参阅enable-cors.org上的WCF页面。
#6
-1
Have tried adding Access-Control-Allow-Origin in header in Response as following(only if you want your WCF service be accessible from any domain),
尝试在header中添加Access-Control-Allow-Origin(仅当您希望您的WCF服务可从任何域访问时),
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin","*");
In one of my Web API method, I used UrlReferrer for this. The code looks like following
在我的一个Web API方法中,我使用了UrlReferrer。代码如下所示
Uri referredURL = HttpContext.Current.Request.UrlReferrer;
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "http://" + referredURL.Host);
But this method is little risky, as it is not guaranteed whether you will get the UrlReferrer or not because it depends on the client(browser).
但是这种方法风险不大,因为它不能保证您是否会获得UrlReferrer,因为它取决于客户机(浏览器)。
#1
7
Enabling CORS to true in backend server where service is hosted should ideally solve the problem. However there is one more way... You can have a wrapper in between jQuery code and WCF service ( Note: It's one of the approach you have to suggest in the team when you do not have the access to modify for example htaccess file in apache where we set the CORS to have access to other domain accessing our service). So the approach goes like this....
在托管服务的后端服务器中启用CORS是理想的解决方案。然而,还有一种方法……你可以有一个包装器之间的jQuery代码和WCF服务(注:这是一个团队中你需要建议的方法当你没有访问修改例如htaccess apache中我们设置歌珥访问其他域访问我们的服务)。因此,方法是这样....
jQuery Code -> Wrapper (Webmethod in .NET) -> WCF servicejQuery代码->包装器(.NET中的Webmethod) -> WCF服务
jQuery code and Wrapper resides in the same domain. jQuery calls webmethod which in turn fire a call to respective WCF service method to get the data. The downfall of this approach is that the request traverse through one more layer, the reason why I have mentioned Note in the beginning.
jQuery代码和包装器驻留在同一个域中。jQuery调用webmethod, webmethod反过来调用相应的WCF服务方法来获取数据。这种方法的缺点是请求要遍历另一个层,这就是为什么我在开始时提到了Note。
#2
5
Your <customHeaders> web.config section is set up for CORS requests without credentials. You need a different configuration to allow CORS requests with credentials:
你的< customHeaders > web。配置部分是为没有凭据的CORS请求设置的。您需要一个不同的配置来允许具有凭证的CORS请求:
-
Set an additional
Access-Control-Allow-Credentialsheader totrue.将附加的访问控制允许的凭据头设置为true。
-
Access-Control-Allow-Originheader cannot be set to*. You have to return a case-sensitive match for the CORS request origin/host.无法将访问控制允许的源头设置为*。您必须为CORS请求源/主机返回一个大小写敏感的匹配项。
Source: 7.2 Resource Sharing Check (W3C Recommendation for Cross-Origin Resource Sharing)
来源:7.2资源共享检查(跨源资源共享W3C推荐标准)
#3
5
If your service is on HTTPS and if you are using self signed SSL Certificate then Cross Domain calls will Fail despite web.config setting done for Access-Control-Allow-Origin header. You should try importing Valid SSL Certificate into your IIS and see what you get.
如果您的服务是HTTPS,如果您使用自签名的SSL证书,那么跨域调用将在web中失败。为Access-Control-Allow-Origin头完成的配置设置。您应该尝试将有效的SSL证书导入IIS,看看会得到什么。
#4
4
Have you tried with $.support.cors = true in jquery.
你试过$.support吗?在jquery中,cors = true。
#5
4
With WCF, you need to do more than just adding the custom headers in web.config. Just editing web.config is sufficient for an ASP.NET Web API, but if that's not what you're working on, you'll need to add custom code to allow the OPTIONS header, within your web service. Basically, you need to create a message inspector and then some endpoint behavior that uses the message inspector class to add the required headers.
使用WCF,您需要做的不仅仅是在web.config中添加自定义头。只是网络编辑。配置对于ASP来说就足够了。NET Web API,但是如果这不是您正在处理的,那么您需要添加自定义代码,以便在Web服务中允许选项头。基本上,您需要创建一个消息检查器,然后创建一些端点行为,使用消息检查器类添加所需的头。
For code and an example service, see the WCF page on enable-cors.org.
有关代码和示例服务,请参阅enable-cors.org上的WCF页面。
#6
-1
Have tried adding Access-Control-Allow-Origin in header in Response as following(only if you want your WCF service be accessible from any domain),
尝试在header中添加Access-Control-Allow-Origin(仅当您希望您的WCF服务可从任何域访问时),
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin","*");
In one of my Web API method, I used UrlReferrer for this. The code looks like following
在我的一个Web API方法中,我使用了UrlReferrer。代码如下所示
Uri referredURL = HttpContext.Current.Request.UrlReferrer;
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "http://" + referredURL.Host);
But this method is little risky, as it is not guaranteed whether you will get the UrlReferrer or not because it depends on the client(browser).
但是这种方法风险不大,因为它不能保证您是否会获得UrlReferrer,因为它取决于客户机(浏览器)。