我正在尝试使用 VS2005 和 IIS6 开发 Ajax Webservice。它的目的是基于过滤的 MS Access 表查询数据库并以文本/csv(不是我的选择!)的形式返回记录。服务必须可以从任何客户端浏览器访问(只要它支持 Ajax 和 XMLHTTPRequest 对象),最有可能是 Linux 服务器。这显然涉及到跨站HTTP请求的现象。当客户端是 MS IE 8 时,它可以毫不费力地工作,这可能是因为该 Web 工具的安全性实施过于草率。问题出现在 Firefox 12 中,调用服务的函数返回 HTTP/1.1 403 Forbidden。VB中的Web服务代码如下:
Option Explicit On
Option Strict On
Imports System.Web
Imports System.Web.Services
Imports System.Web.Services.Protocols
Imports System.ComponentModel
Imports System.Web.Script.Services
Imports System
Imports System.Data
Imports System.Data.OleDb
Imports System.Data.Odbc
<System.Web.Services.WebService(Namespace:="http://chpt.co.uk/CastusDataTransport")> _
<System.Web.Services.WebServiceBinding(ConformsTo:=WsiProfiles.BasicProfile1_1)> _
<ToolboxItem(False)> <ScriptService()> _
Public Class TransferToolData
Inherits System.Web.Services.WebService
Const AccConStr As String = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=c:\inetpub\wwwroot\Castus_Server\App_Data\db1.mdb"
<WebMethod()> _
Public Function GetJobRecords(ByVal ClientID As Long) As String
LogGrabJobData("Request for Job Data")
Return GrabJobData(ClientID)
End Function
Private Function GrabJobData(ByVal ID As Long) As String
Dim strData As String
Dim MyDB As New OleDbConnection
Dim drGet As OleDbDataReader
Dim cmdRetrieve As New OleDbCommand
Dim cs As String
Dim RecCount As Long
cs = AccConStr
MyDB = New OleDbConnection(cs)
cmdRetrieve.Connection = MyDB
cmdRetrieve.CommandText = "SELECT * FROM Job_Data WHERE Client_ID = " & ID.ToString
cmdRetrieve.Connection.Open()
drGet = cmdRetrieve.ExecuteReader
strData = "’Job_ID’, ’Client_ID’, ’Status_ID’, ’Product_ID’, ’Serial_No’, ’Date_IN’, ’RA_Scale’, ’Location’, ’Manager’, ’Operator’, ’Stage’\n"
RecCount = 0
Do While (drGet.Read())
strData &= Convert.ToString(drGet.Item("Job_ID")) & ","
strData &= Convert.ToString(drGet.Item("Client_ID")) & ","
strData &= Convert.ToString(drGet.Item("Status_ID")) & ","
strData &= Convert.ToString(drGet.Item("Product_ID")) & ","
'strData &= DelimitTextQuotes(Convert.ToString(drGet.Item("Client_Ref"))) & ","
strData &= DelimitTextQuotes(Convert.ToString(drGet.Item("Serial_No"))) & ","
strData &= Format(drGet.Item("Date_IN"), "d") & ","
'strData &= DelimitTextQuotes(Convert.ToString(drGet.Item("Notes"))) & ","
strData &= Convert.ToString(drGet.Item("RA_Scale")) & ","
strData &= DelimitTextQuotes(Convert.ToString(drGet.Item("Location"))) & ","
strData &= DelimitTextQuotes(Convert.ToString(drGet.Item("Manager"))) & ","
strData &= DelimitTextQuotes(Convert.ToString(drGet.Item("Operator"))) & ","
strData &= Convert.ToString(drGet.Item("Stage")) & "\n"
RecCount += 1
Loop
Return strData
End Function
客户端以最普通的方式调用它:
function makeCall(){
var xmlHttp;
try {
xmlHttp = new XMLHttpRequest();
} catch (e) {
try {
xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try {
xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
} catch (e) {
alert("This sample only works in browsers with AJAX support");
return false;
}
}
}
// Create result handler
xmlHttp.onreadystatechange=function(){
if(xmlHttp.readyState == 4){
document.getElementById("result").value = xmlHttp.responseText;
}
}
var url;
url = "http://chpt.co.uk/Castus_Server/TransferToolData.asmx/GetJobRecords";
var body = '{"ClientID":';
body = body + document.getElementById("num1").value + '}';
xmlHttp.open("POST", url, true);
xmlHttp.setRequestHeader("Content-type", "application/json");
xmlHttp.send(body);
}
403 错误似乎来自客户端的 Preflight 请求(我注意到 IE 只是跳过了 - 这是一个糟糕的设计错误,我希望其他浏览器现在会降低自己的水平)。IIS Web 应用程序配置为返回以下 HTTP 标头:
Access-Control-Allow-Origin "*"
Access-Control-Allow-Headers Origin,cache-control,man,messagetype,x-requested-with
Access-Control-Allow-Methods POST,OPTIONS
Firefox 浏览器/服务器发送以下标头:
Request URL:
http://chpt.co.uk/Castus_Server/TransferToolData.asmx/GetJobRecords
Request Method:
OPTIONS
Status Code:
HTTP/1.1 403 Forbidden
Request Headers
15:05:03.984
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding:gzip, deflate
Accept-Language:en-gb,en;q=0.5
Access-Control-Request-Headers:content-type
Access-Control-Request-Method:POST
Cache-Control:no-cache
Connection:keep-alive
Host:chpt.co.uk
Origin:null
Pragma:no-cache
User-Agent:Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0
Response Headers
?1984ms
Access-Control-Allow-Headers:Origin,cache-control,man,messagetype,x-requested-with
Access-Control-Allow-Methods:POST
Access-Control-Allow-Origin:*
Access-Control-Max-Age:120
Content-Length:1827
Content-Type:text/html
Date:Thu, 17 May 2012 14:04:54 GMT
MicrosoftOfficeWebServer:5.0_PubServer:Microsoft-IIS/6.0
X-Powered-By:ASP.NET
现在我已经阅读了关于这个主题的“圣经”网页,[https://developer.mozilla.org/en/http_access_control#Access-Control-Allow-Methods][1] 并且学到了一些东西但不是解决方案我现在的问题。只是想知道是否有人能看到我哪里出错或指出我正确的方向。希望我没有让每个人感到无聊,并且我已经提供了足够的关于我的困境的细节。