嗨希望有人能幫助CORS(跨源資源共享),HTTPS不工作(IIS託管WCF休息啓用端點)
我一直在尋找讓一個簡單的原型採用CORS對WCF通過https工作。我們已經實現了一個解決方案,並在http中測試它,並且它工作正常。只要我們嘗試使用https調用WCF端點,我們就會在這種情況下獲得「404 Not Found」。 但在我們的生產代碼中,我收到了一個「400錯誤的請求」,我將在稍後發佈!現在我想幫助404錯誤。
我已經搜索並嘗試了很多東西,但仍然沒有得到它的工作!
我已經寫了一個測試web項目和WCF端點,在http中工作正常。
在客戶端,我想提出一個jQuery的AJAX請求發送到以下端點
var theUrl = "https://myhostmachine/Cors/service.svc/web";
function makeGetDataJQueryRequest() {
$.support.cors = true;
$.ajax({
url: theUrl + "/GetData?value=24",
contentType: "application/json; charset=utf-8",
type: "POST",
cache: false,
dataType: "json",
// data: undefined,
success: function (response) {
alert("success");
},
error: function (a, b, c) {
alert("error");
}
});
}
在服務器上,我有我的WCF的代碼,做所有的預檢CORS響應和我在HTTP說工作。
我已經設置了一個自簽名證書,並在我的IIS中使用該證書,並且確保通過mmc插件將其添加到我的證書存儲中。
當我直接提出請求時,我可以看到它沒有發送OPTIONS請求,爲什麼不呢?但它通過http發送它?
的Fiddler請求:
POST https://myhostmachine/Cors/service.svc/web/GetData?value=24 HTTP/1.1
Host: hsw10530.cse-servelec.com
Connection: keep-alive
Content-Length: 0
Accept: application/json, text/javascript, */*; q=0.01
Origin: https://myhostmachine
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.103 Safari/537.36
Content-Type: application/json; charset=utf-8
Referer: https://hsw10530.cse-servelec.com/CorsClient/
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Cookie: ASPSESSIONIDCGCSARDQ=IFNPFPKAJIMFCJHEANDFOBCH
響應:
HTTP/1.1 404 Not Found
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 11 Sep 2014 09:36:51 GMT
Content-Length: 0
在Web.config如下:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<compilation debug="true" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="True" />
<serviceDebug includeExceptionDetailInFaults="True" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="restBehaviour">
<webHttp />
<CorsSupport />
</behavior>
</endpointBehaviors>
</behaviors>
<extensions>
<behaviorExtensions>
<add name="CorsSupport" type="WcfService.Cors.CorsSupportBehaviorElement, WcfService" />
</behaviorExtensions>
</extensions>
<bindings>
<webHttpBinding>
<binding name="CORSWebHttpBinding" crossDomainScriptAccessEnabled="True" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647">
<readerQuotas maxDepth="32" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="Transport">
</security>
</binding>
</webHttpBinding>
</bindings>
<services>
<service name="WcfService.Service1">
<host>
<baseAddresses />
</host>
<endpoint address="" binding="wsHttpBinding" contract="WcfService.IService1" />
<endpoint address="web" binding="webHttpBinding" bindingConfiguration="" behaviorConfiguration="restBehaviour" contract="WcfService.IService1" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
</system.serviceModel>
</configuration>
下面是WCF代碼或至少很重要的一點,它可以完成飛行前的所有工作。
public class CorsMessageInspector : IDispatchMessageInspector
{
public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
{
HttpRequestMessageProperty httpRequest = request.Properties["httpRequest"] as HttpRequestMessageProperty;
// Check if the client sent an "OPTIONS" request
if (httpRequest != null)
{
if (httpRequest.Method == "OPTIONS")
{
// Store the requested headers
OperationContext.Current.Extensions.Add(new PreflightDetected(
httpRequest.Headers["Access-Control-Request-Headers"]));
}
}
return null;
}
public void BeforeSendReply(ref Message reply, object correlationState)
{
HttpResponseMessageProperty property = null;
if (reply == null)
{
// This will usually be for a preflight response
reply = Message.CreateMessage(MessageVersion.None, null);
property = new HttpResponseMessageProperty();
reply.Properties[HttpResponseMessageProperty.Name] = property;
property.StatusCode = HttpStatusCode.OK;
}
else
{
property = reply.Properties[HttpResponseMessageProperty.Name] as HttpResponseMessageProperty;
}
PreflightDetected preflightRequest = OperationContext.Current.Extensions.Find<PreflightDetected>();
if (preflightRequest != null)
{
// Add allow HTTP headers to respond to the preflight request
if (preflightRequest.RequestedHeaders == string.Empty)
property.Headers.Add("Access-Control-Allow-Headers", "Accept");
else
property.Headers.Add("Access-Control-Allow-Headers", preflightRequest.RequestedHeaders + ", Accept");
//http://hsw10530.cse-servelec.com
property.Headers.Add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
}
// Add allow-origin header to each response message, because client expects it
property.Headers.Add("Access-Control-Allow-Origin", "*");
}
}
您的幫助將不勝感激,如果你曾經去過能夠建立CORS通過SSL和你做了什麼來得到它的工作?
非常感謝 安德魯