仅在 IIS 中发布时,在 ASP.net Core 3.1 WebAPI 中启用 CORS 时出错

Posted

技术标签:

【中文标题】仅在 IIS 中发布时,在 ASP.net Core 3.1 WebAPI 中启用 CORS 时出错【英文标题】:Error on Enable CORS in ASP.net Core 3.1 WebAPI in only when published in IIS 【发布时间】:2020-09-21 03:42:12 【问题描述】:

我有一个带有 asp core 3.1 的 api 当我使用本地主机时,一切都很好,但是当我在我的 IIS 上发布它时它不起作用并给我启用 CORS 的错误

我的 startup.cs 代码是 

 public class Startup

    public Startup(IConfiguration configuration)
    
        Configuration = configuration;
    

    public IConfiguration Configuration  get; 

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    



        services.AddDbContext<ApplicationDbContext>(
        options => options.UseSqlServer(
            this.Configuration.GetConnectionString("DefaultConnection")));

        //Configure Identity framework core  
        services.AddIdentityCore<ApplicationUser>()
             .AddEntityFrameworkStores<ApplicationDbContext>().AddDefaultTokenProviders();



        services.AddIdentity<ApplicationUser, IdentityRole>(config =>
        
            config.Password.RequiredLength = 4;
            config.Password.RequireDigit = false;
            config.Password.RequireNonAlphanumeric = false;
            config.Password.RequireUppercase = false;
            config.Password.RequireLowercase = false;
        )
           .AddEntityFrameworkStores<ApplicationDbContext>()
           .AddDefaultTokenProviders();




        services.AddCors(options =>
        
            options.AddPolicy("CrosPolicy", builder =>
            builder
            .SetIsOriginAllowed((host) => true)
            //.AllowAnyOrigin()
            .AllowAnyMethod()
            .AllowAnyHeader()
            .AllowCredentials()
            .Build()
            );
        );
        services.AddControllers();

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
           
               options.TokenValidationParameters = new TokenValidationParameters
               
                   ValidateIssuer = true,
                   ValidateAudience = true,
                   ValidateLifetime = true,
                   ValidateIssuerSigningKey = true,
                   ValidIssuer = Configuration["jwt:Issuer"],
                   ValidAudience = Configuration["jwt:Issuer"],
                   IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["jwt:key"]))
               ;
           );            

    

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    
        if (env.IsDevelopment())
        
            app.UseDeveloperExceptionPage();
        

        app.UseHttpsRedirection();

        app.UseRouting();

        app.UseCors("CrosPolicy");

        app.UseAuthentication();

        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        
            endpoints.MapControllers();
        );

我不知道我要做什么请帮助我,我也在这篇文章中尝试解决方案,How to enable CORS in ASP.net Core WebAPI 它不适合我

【问题讨论】:

blogs.iis.net/iisteam/getting-started-with-the-iis-cors-module 我建议您也可以检查您是否启用了任何 IIS 身份验证模式。例如“基本身份验证”。如果您启用了任何 IIS 身份验证,建议您尝试将其修改为 Anonymous authentication 以检查此错误是否消失。 【参考方案1】:

我尝试了很多东西,但最后我找到了解决方案,我像这样改变了 CORS 的位置:

 public Startup(IConfiguration configuration)
    
        Configuration = configuration;
    

    public IConfiguration Configuration  get; 

    public void ConfigureServices(IServiceCollection services)
    



        services.AddDbContext<ApplicationDbContext>(
        options => options.UseSqlServer(
            this.Configuration.GetConnectionString("DefaultConnection")));


        services.AddIdentityCore<ApplicationUser>()
             .AddEntityFrameworkStores<ApplicationDbContext>().AddDefaultTokenProviders();



        services.AddIdentity<ApplicationUser, IdentityRole>(config =>
        
            config.Password.RequiredLength = 4;
            config.Password.RequireDigit = false;
            config.Password.RequireNonAlphanumeric = false;
            config.Password.RequireUppercase = false;
            config.Password.RequireLowercase = false;
        )
           .AddEntityFrameworkStores<ApplicationDbContext>()
           .AddDefaultTokenProviders();




        services.AddControllers();

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
           
               options.TokenValidationParameters = new TokenValidationParameters
               
                   ValidateIssuer = true,
                   ValidateAudience = true,
                   ValidateLifetime = true,
                   ValidateIssuerSigningKey = true,
                   ValidIssuer = Configuration["jwt:Issuer"],
                   ValidAudience = Configuration["jwt:Issuer"],
                   IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["jwt:key"]))
               ;
           );


        services.AddMvc();

    


    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    
        if (env.IsDevelopment())
        
            app.UseDeveloperExceptionPage();
        

        app.UseHttpsRedirection();

        app.UseRouting();

        app.UseCors(b => b.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin());

        app.UseAuthentication();

        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        
            endpoints.MapControllers();
        );

【讨论】:

似乎这可能有效,但我不确定 AllowAnyOrigin 是否“安全”。

以上是关于仅在 IIS 中发布时,在 ASP.net Core 3.1 WebAPI 中启用 CORS 时出错的主要内容,如果未能解决你的问题,请参考以下文章

从 IIS 获取我托管的 Asp.Net 网站的运行会话计数

ASP.NET/IIS:所有文件类型为 404

重定向到登录页面时,asp.net/iis 不附加 ReturnUrl

Asp.net 缓存在 IIS 上不起作用。 IIS上有没有设置

在 IIS 中托管 ASP Net Core 应用程序时无限页面加载

用户运行托管 IIS 链接时如何在 asp.net 中获取客户端 IP 地址