gpt4 book ai didi

asp.net - Web API 2.1 Windows 身份验证 CORS Firefox

转载 作者:行者123 更新时间:2023-12-02 11:48:22 24 4
gpt4 key购买 nike

这是场景:

我创建了一个 Web api 项目和一个 mvc 项目,如下所示:

http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api

我通过 nuget 安装了 CORS 支持并添加了 EnableCorsAttribute

我运行了该项目,在 Chrome、IE 和 FireFox 上一切都按预期运行(GET、PUT 和 POST)。

然后我在 Web api 项目中启用了 Windows 身份验证(是的,我确实需要在 api 项目中启用 win 身份验证)。为了使其正常工作,我将 xhrFields arg 添加到我的 jquery.ajax 调用中:

        $.ajax({
type: method,
url: serviceUrl,
data: JSON.stringify(foo),
contentType: 'application/json; charset=UTF-8',
xhrFields: {
withCredentials: true
}
}).done(function (data) {
$('#value1').text(data);
}).error(function (jqXHR, textStatus, errorThrown) {
$('#value1').text(jqXHR.responseText || textStatus);
});

此外,我设置了 EnableCorsAttribute.SupportsCredentials 属性 = true

我测试了一切。 Chrome 和 IE 有效,FireFox 无效。 Firefox 收到 401 响应其预检 (OPTIONS) 请求。

FireFox 似乎没有尝试通过该服务进行身份验证。

有没有人找到解决这个问题的方法?

最佳答案

我想出了一个由两部分组成的解决方案。

问题在于,当 Firefox 发出 OPTION 请求并被 401 拒绝时,它不再尝试重新进行身份验证。这导致我绕过所有 OPTION 请求的身份验证。我找不到有关该主题的太多信息,但我确实找到了这个:

401 response for CORS request in IIS with Windows Auth enabled

(原页面内容引用如下)

Enabling NTLM Authentication (Single Sign-On) in Firefox

This HowTo will describe how to enable NTLM authentication (Single Sign-On) in Firefox.

How many of you have noticed that when you are using Internet Explorer and you browse to your companies intranet page that it will automatically authenticate you but when you use Firefox you will be prompted with a login box?

I recently, in searching for solutions to allow NTLM authentication with Apache, stumbled across how to set a preference in Firefox that will pass the NTLM authentication information to a web server. The preference is network.automatic-ntlm-auth.trusted-uris.

So how do you do it?

1) Open Firefox and type “about:config” in the address bar. (without the quotes of course)

2) In the ‘Filter’ field type the following “network.automatic-ntlm-auth.trusted-uris”

3) Double click the name of the preference that we just searched for

4) Enter the URLs of the sites you wish to pass NTLM auth info to in the form of:

http://intranet.company.com,http://email.company.lan

5) Notice that you can use a comma separated list in this field.

6) Updated: I have created VBScript that can be used to insert this information into a users prefs.js file by using group policy or standalone if for some reason you want to use it for that.

The script is available to be downloaded here.

After downloading the script you will want to extract it from the ZIP archive and then modify the line starting with strSiteList.

NOTE: This script will not perform its function if the user has Firefox open at the time the script is executed. Running the script through group policy will work without problem unless for some reason your group policy launches Firefox before the execution of this script.

You can read through the rest of the script for additional information. If you have questions, comments or concerns please let me know.

基于此,我在 api 项目的设置中将匿名身份验证设置为启用(我仍然将 Windows 身份验证设置为启用)。

运行项目(mvc 和 api)后,在发出 CORS 请求时系统提示我输入凭据。提供我的凭据后,我能够使用 Firefox 成功进行 GET/POST/PUTS。

为了消除 Firefox 中的凭据提示,我收到了来自 Brock Allen 的提示这让我走上了启用 NTLM 身份验证的道路。我发现了一个帖子here它提供了有关如何更改适当设置的说明。

将“http://localhost”添加到network.negotiate-auth.trusted-uris设置后,我现在可以针对所有动词发出 CORS 请求使用 Firefox 时不会提示输入凭据。

关于asp.net - Web API 2.1 Windows 身份验证 CORS Firefox,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/22183384/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com