0

我正在尝试使用 VS2005 和 IIS6 开发 Ajax Webservice。它的目的是基于过滤的 MS Access 表查询数据库并以文本/csv(不是我的选择!)的形式返回记录。服务必须可以从任何客户端浏览器访问(只要它支持 Ajax 和 XMLHTTPRequest 对象),最有可能是 Linux 服务器。这显然涉及到跨站HTTP请求的现象。当客户端是 MS IE 8 时,它可以毫不费力地工作,这可能是因为该 Web 工具的安全性实施过于草率。问题出现在 Firefox 12 中,调用服务的函数返回 HTTP/1.1 403 Forbidden。VB中的Web服务代码如下:

Option Explicit On
Option Strict On

Imports System.Web
Imports System.Web.Services
Imports System.Web.Services.Protocols
Imports System.ComponentModel
Imports System.Web.Script.Services

Imports System
Imports System.Data
Imports System.Data.OleDb
Imports System.Data.Odbc


<System.Web.Services.WebService(Namespace:="http://chpt.co.uk/CastusDataTransport")> _
<System.Web.Services.WebServiceBinding(ConformsTo:=WsiProfiles.BasicProfile1_1)> _
<ToolboxItem(False)> <ScriptService()> _
Public Class TransferToolData
    Inherits System.Web.Services.WebService

    Const AccConStr As String = "Provider=Microsoft.Jet.OLEDB.4.0; Data       Source=c:\inetpub\wwwroot\Castus_Server\App_Data\db1.mdb"

<WebMethod()> _
Public Function GetJobRecords(ByVal ClientID As Long) As String

    LogGrabJobData("Request for Job Data")

    Return GrabJobData(ClientID)
End Function

Private Function GrabJobData(ByVal ID As Long) As String

    Dim strData As String
    Dim MyDB As New OleDbConnection
    Dim drGet As OleDbDataReader
    Dim cmdRetrieve As New OleDbCommand
    Dim cs As String
    Dim RecCount As Long

    cs = AccConStr
    MyDB = New OleDbConnection(cs)
    cmdRetrieve.Connection = MyDB
    cmdRetrieve.CommandText = "SELECT * FROM Job_Data WHERE Client_ID = " & ID.ToString
    cmdRetrieve.Connection.Open()
    drGet = cmdRetrieve.ExecuteReader
strData = "’Job_ID’, ’Client_ID’, ’Status_ID’, ’Product_ID’, ’Serial_No’, ’Date_IN’, ’RA_Scale’, ’Location’, ’Manager’, ’Operator’, ’Stage’\n"

    RecCount = 0

    Do While (drGet.Read())
        strData &= Convert.ToString(drGet.Item("Job_ID")) & ","
        strData &= Convert.ToString(drGet.Item("Client_ID")) & ","
        strData &= Convert.ToString(drGet.Item("Status_ID")) & ","
        strData &= Convert.ToString(drGet.Item("Product_ID")) & ","
        'strData &= DelimitTextQuotes(Convert.ToString(drGet.Item("Client_Ref"))) & ","
        strData &= DelimitTextQuotes(Convert.ToString(drGet.Item("Serial_No"))) & ","
        strData &= Format(drGet.Item("Date_IN"), "d") & ","
        'strData &= DelimitTextQuotes(Convert.ToString(drGet.Item("Notes"))) & ","
        strData &= Convert.ToString(drGet.Item("RA_Scale")) & ","
        strData &= DelimitTextQuotes(Convert.ToString(drGet.Item("Location"))) & ","
        strData &= DelimitTextQuotes(Convert.ToString(drGet.Item("Manager"))) & ","
        strData &= DelimitTextQuotes(Convert.ToString(drGet.Item("Operator"))) & ","
        strData &= Convert.ToString(drGet.Item("Stage")) & "\n"

        RecCount += 1
    Loop

    Return strData
End Function

客户端以最普通的方式调用它:

function makeCall(){        
    var xmlHttp;
try {
        xmlHttp = new XMLHttpRequest();
    } catch (e) {
        try {
            xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");
        } catch (e) {
            try {
                xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
            } catch (e) {
                alert("This sample only works in browsers with AJAX support"); 
                return false;
            }
        }
    }

    // Create result handler 
    xmlHttp.onreadystatechange=function(){
        if(xmlHttp.readyState == 4){
            document.getElementById("result").value = xmlHttp.responseText;
        }
    }
         var url;
    url = "http://chpt.co.uk/Castus_Server/TransferToolData.asmx/GetJobRecords";
    var body = '{"ClientID":';
    body = body + document.getElementById("num1").value + '}';
    xmlHttp.open("POST", url, true);
    xmlHttp.setRequestHeader("Content-type", "application/json");
    xmlHttp.send(body);
}

403 错误似乎来自客户端的 Preflight 请求(我注意到 IE 只是跳过了 - 这是一个糟糕的设计错误,我希望其他浏览器现在会降低自己的水平)。IIS Web 应用程序配置为返回以下 HTTP 标头:

Access-Control-Allow-Origin "*"
Access-Control-Allow-Headers  Origin,cache-control,man,messagetype,x-requested-with
Access-Control-Allow-Methods POST,OPTIONS

Firefox 浏览器/服务器发送以下标头:

Request URL:
http://chpt.co.uk/Castus_Server/TransferToolData.asmx/GetJobRecords

Request Method:
OPTIONS

Status Code:
HTTP/1.1 403 Forbidden


Request Headers
15:05:03.984

  Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Encoding:gzip, deflate
  Accept-Language:en-gb,en;q=0.5
  Access-Control-Request-Headers:content-type
  Access-Control-Request-Method:POST
  Cache-Control:no-cache
  Connection:keep-alive
  Host:chpt.co.uk
  Origin:null
  Pragma:no-cache
  User-Agent:Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0


Response Headers
?1984ms

   Access-Control-Allow-Headers:Origin,cache-control,man,messagetype,x-requested-with
   Access-Control-Allow-Methods:POST
   Access-Control-Allow-Origin:*
   Access-Control-Max-Age:120
   Content-Length:1827
   Content-Type:text/html
   Date:Thu, 17 May 2012 14:04:54 GMT
   MicrosoftOfficeWebServer:5.0_PubServer:Microsoft-IIS/6.0
   X-Powered-By:ASP.NET

现在我已经阅读了关于这个主题的“圣经”网页,[https://developer.mozilla.org/en/http_access_control#Access-Control-Allow-Methods][1] 并且学到了一些东西但不是解决方案我现在的问题。只是想知道是否有人能看到我哪里出错或指出我正确的方向。希望我没有让每个人感到无聊,并且我已经提供了足够的关于我的困境的细节。

4

1 回答 1

0

很明显,似乎没有人知道这个问题,我不能再浪费时间了(我已经设计并提供了一个解决方案),我将关闭这个问题。使用 ScriptService() Web 服务时,跨站点 HTTP 请求 API 似乎只是一个小故障。我会在几个月后再试一次,看看问题是否已经“自行解决”!当我有解决方案时,我会在这里发布... Jim McGoldrick cablesafe.co.uk

于 2012-06-12T13:02:07.397 回答