问题描述

我的项目中需要Windows身份验证，但后请求已中断.我有一个HttpInterceptor的全局实现.

I need windows authentication in my project, but post-request is broken.I have a global implementation of HttpInterceptor.

在我的后端启用了授权信息.

Cors enabled in my backend.

services.AddCors(options => options.AddPolicy("AllowAllOrigin", builder => builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().AllowCredentials()))

当我发送get-request时，我会在后端检索用户身份，没关系.请求后出了什么事?

When i send get-request i retrieve user identity in backend and it's alright.What's wrong with post-request?

OPTIONS http://localhost:56789/api/document/GetDocuments 401 (Unauthorized)
Failed to load http://localhost:56789/api/document/GetDocuments: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 401.

P.S.当我设置匿名身份验证时，所有的获取/发布请求均有效，但是我没有用户身份

P.S. When i setted anonymous authentication all get/post requests work, but i do not have user identity

环境

Angular version: ^5.1.0-beta.1
Angular-cli version: ^1.6.0-beta.2 

Browser:
- [ x ] Chrome (desktop) version 62.0.3202.94

For Tooling issues:
- Node version: XX  8.8.1
- Platform:  Windows 

我的前端服务:

@Injectable()
export class DocumentService {
    controllerName: string = 'document';
    constructor(private http: HttpClient, @Inject('API_URL') private apiUrl: string) { }

    getDocuments(view: AppModels.View.BaseView): rx.Observable<AppModels.Document.DocumentList> {        
        return this.http.post<AppModels.Document.DocumentList>(`${this.apiUrl}/${this.controllerName}/GetDocuments`, view);
    }
}

我的HttpInterceptor:

My HttpInterceptor:

@Injectable()
export class AuthHttpInterceptor implements HttpInterceptor {
    intercept(req: HttpRequest, next: HttpHandler): rx.Observable<HttpEvent> {
        const headers = {};
        const clone = req.clone({ setHeaders: headers, withCredentials: true })
        return next.handle(clone);
    }
}

推荐答案

尝试同时启用匿名身份验证和Windows身份验证，并在控制器上设置[Authorize]属性.我认为401未经授权的响应是由启用CORS引起的，并且是预检标头不包含身份验证令牌的结果.

Try enabling both Anonymous and Windows Authentication and set the [Authorize] attribute on your controller. I believe the 401 Unauthorized response is caused by enabling CORS, and is a result of the preflight header not containing an authentication token.

一种替代方法是将您的http POST更改为简单请求"，从而将Content-Type值限制为:

An alternative would be to change your http POST to a 'simple request' which limits Content-Type values to:

• application/x-www-form-urlencoded
• multipart/form-data
• 文本/纯文本

简单请求"不会触发CORS预检.请参见 https://developer.mozilla.org/zh-CN/docs/Web/HTTP/CORS 了解有关CORS规范的详细信息.

'simple requests' do not trigger a CORS preflight. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS for details on the CORS specification.

这篇关于角度5:请求后& Windows身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！