在Windows身份验证IIS验证之前,如何拦截HTTP选项请求(CORS Preflight(?
我做了一个中间件,然后尝试了:
public async Task Invoke(HttpContext context)
{
if (context.Request.Method.Equals("OPTIONS"))
{
context.Response.StatusCode = 204;
context.Response.Headers.Add("Access-Control-Allow-Origin", new [] {"http://cwfr003320:9393"});
context.Response.Headers.Add("Access-Control-Allow-Credentials", new[] { "true" });
context.Response.Headers.Add("Access-Control-Allow-Methods", new[] { "GET, POST, PUT, DELETE, OPTIONS" });
context.Response.Headers.Add("Access-Control-Allow-Headers", new[] { "Accepts, Content-Type, Origin,Access-Control-Allow-Origin, Access-Control-Allow-Credentials" });
context.Response.Headers.Add("Access-Control-Max-Age", new[] { "3600" });
return;
}
await _next.Invoke(context);
}
但是,我为选项请求获得了401代码。我如何解决此错误?使用匿名身份验证,它的工作正常...
预先感谢您。
您需要使用IIS CORS模块来允许前飞行请求通过Windows Authentication,
https://blogs.iis.net/iisteam/getting-with-with-the-the-iis-cors-module