CORS（跨源資源共享），HTTPS不工作（IIS託管WCF休息啓用端點）

Question

嗨希望有人能幫助

我一直在尋找讓一個簡單的原型採用CORS對WCF通過https工作。我們已經實現了一個解決方案，並在http中測試它，並且它工作正常。只要我們嘗試使用https調用WCF端點，我們就會在這種情況下獲得「404 Not Found」。 但在我們的生產代碼中，我收到了一個「400錯誤的請求」，我將在稍後發佈！現在我想幫助404錯誤。

我已經搜索並嘗試了很多東西，但仍然沒有得到它的工作！

我已經寫了一個測試web項目和WCF端點，在http中工作正常。

在客戶端，我想提出一個jQuery的AJAX請求發送到以下端點

var theUrl = "https://myhostmachine/Cors/service.svc/web"; 
function makeGetDataJQueryRequest() { 
    $.support.cors = true; 
    $.ajax({ 
     url: theUrl + "/GetData?value=24", 
     contentType: "application/json; charset=utf-8", 
     type: "POST", 
     cache: false, 
     dataType: "json", 
     //    data: undefined, 
     success: function (response) { 
      alert("success"); 
     }, 
     error: function (a, b, c) { 
      alert("error"); 
     } 
    }); 
} 

在服務器上，我有我的WCF的代碼，做所有的預檢CORS響應和我在HTTP說工作。

1. 我已經設置了一個自簽名證書，並在我的IIS中使用該證書，並且確保通過mmc插件將其添加到我的證書存儲中。

2. 當我直接提出請求時，我可以看到它沒有發送OPTIONS請求，爲什麼不呢？但它通過http發送它？

的Fiddler請求：

POST https://myhostmachine/Cors/service.svc/web/GetData?value=24 HTTP/1.1 
Host: hsw10530.cse-servelec.com 
Connection: keep-alive 
Content-Length: 0 
Accept: application/json, text/javascript, */*; q=0.01 
Origin: https://myhostmachine 
X-Requested-With: XMLHttpRequest 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.103 Safari/537.36 
Content-Type: application/json; charset=utf-8 
Referer: https://hsw10530.cse-servelec.com/CorsClient/ 
Accept-Encoding: gzip,deflate 
Accept-Language: en-US,en;q=0.8 
Cookie: ASPSESSIONIDCGCSARDQ=IFNPFPKAJIMFCJHEANDFOBCH 

響應：

HTTP/1.1 404 Not Found 
Server: Microsoft-IIS/7.5 
X-Powered-By: ASP.NET 
Date: Thu, 11 Sep 2014 09:36:51 GMT 
Content-Length: 0 

在Web.config如下：

<?xml version="1.0" encoding="UTF-8"?> 
<configuration> 


    <system.web> 
    <compilation debug="true" /> 
    </system.web> 

    <system.serviceModel> 

    <behaviors> 
     <serviceBehaviors> 
     <behavior> 
      <serviceMetadata httpGetEnabled="True" /> 
      <serviceDebug includeExceptionDetailInFaults="True" /> 
     </behavior> 
     </serviceBehaviors> 

     <endpointBehaviors> 
     <behavior name="restBehaviour"> 
      <webHttp /> 
      <CorsSupport /> 
     </behavior> 
     </endpointBehaviors> 

    </behaviors> 

    <extensions> 
     <behaviorExtensions> 
     <add name="CorsSupport" type="WcfService.Cors.CorsSupportBehaviorElement, WcfService" /> 
     </behaviorExtensions> 
    </extensions> 

    <bindings> 
     <webHttpBinding> 
     <binding name="CORSWebHttpBinding" crossDomainScriptAccessEnabled="True" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647"> 
      <readerQuotas maxDepth="32" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" /> 
      <security mode="Transport"> 
      </security> 
     </binding> 
     </webHttpBinding> 
    </bindings> 

    <services> 
     <service name="WcfService.Service1"> 
     <host> 
      <baseAddresses /> 
     </host> 
     <endpoint address="" binding="wsHttpBinding" contract="WcfService.IService1" /> 
     <endpoint address="web" binding="webHttpBinding" bindingConfiguration="" behaviorConfiguration="restBehaviour" contract="WcfService.IService1" /> 
     <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> 
     </service> 
    </services> 

    </system.serviceModel> 

</configuration> 

下面是WCF代碼或至少很重要的一點，它可以完成飛行前的所有工作。

public class CorsMessageInspector : IDispatchMessageInspector 
    { 
     public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext) 
     { 
      HttpRequestMessageProperty httpRequest = request.Properties["httpRequest"] as HttpRequestMessageProperty; 

      // Check if the client sent an "OPTIONS" request 
      if (httpRequest != null) 
      { 
       if (httpRequest.Method == "OPTIONS") 
       { 
        // Store the requested headers 
        OperationContext.Current.Extensions.Add(new PreflightDetected(
         httpRequest.Headers["Access-Control-Request-Headers"])); 
       } 
      } 
      return null; 
     } 

     public void BeforeSendReply(ref Message reply, object correlationState) 
     { 
      HttpResponseMessageProperty property = null; 

      if (reply == null) 
      { 
       // This will usually be for a preflight response 
       reply = Message.CreateMessage(MessageVersion.None, null); 
       property = new HttpResponseMessageProperty(); 
       reply.Properties[HttpResponseMessageProperty.Name] = property; 
       property.StatusCode = HttpStatusCode.OK; 
      } 
      else 
      { 
       property = reply.Properties[HttpResponseMessageProperty.Name] as HttpResponseMessageProperty; 
      } 

      PreflightDetected preflightRequest = OperationContext.Current.Extensions.Find<PreflightDetected>(); 
      if (preflightRequest != null) 
      { 
       // Add allow HTTP headers to respond to the preflight request 
       if (preflightRequest.RequestedHeaders == string.Empty) 
        property.Headers.Add("Access-Control-Allow-Headers", "Accept"); 
       else 
        property.Headers.Add("Access-Control-Allow-Headers", preflightRequest.RequestedHeaders + ", Accept"); 

       //http://hsw10530.cse-servelec.com 
       property.Headers.Add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE"); 
      } 

      // Add allow-origin header to each response message, because client expects it 
      property.Headers.Add("Access-Control-Allow-Origin", "*"); 
     } 
    } 

您的幫助將不勝感激，如果你曾經去過能夠建立CORS通過SSL和你做了什麼來得到它的工作？

非常感謝 安德魯

Answer 1

好吧，我得到它的工作，在那之後我只需要提供bindingConfiguration因爲我在配置的底部端點都必須以此爲空字符串

所以配置文件確實存在;我只是沒有指定這個。你也可以看到安全模式是ssl的Transport，否則在標準http上它應該被設置爲None。

<endpoint address="web" binding="webHttpBinding" bindingConfiguration="CORSWebHttpBinding" behaviorConfiguration="restBehaviour" contract="WcfService.IService1" /> 

我也沒必要對CORSWebHttpBinding的crossDomainScriptAccessEnabled =「真」，因爲這似乎是使用http時停止它，但在HTTPS OK。