嗨,我面临一个奇怪的问题,CORS 适用于所有其他功能,但具有 [authorize] 属性的功能除外。我正在使用openiddict对 JWTmiddleware进行授权。服务器托管在 IIS8 上,客户端应用程序位于 angular2 中。它显示以下错误。
XMLHttpRequest 无法加载 example.com/resource。对预检请求的响应未通过访问控制检查:请求的资源上不存在“Access-Control-Allow-Origin”标头。因此,不允许访问源“ http://localhost:58056 ”。
如果您想查看任何特定代码或需要更多信息,请告诉我。
app.UseStaticFiles();
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
loggerFactory.AddConsole();
app.UseIdentity();
app.UseSession();
app.UseGoogleAuthentication(new GoogleOptions
{
ClientId = "862227465575-q1spfclcfvflg4tpesfkle4e0jc3q987.apps.googleusercontent.com",
ClientSecret = "ozzg2VvH2TYbSbBYWE_HIYG5"
});
app.UseTwitterAuthentication(new TwitterOptions
{
ConsumerKey = "6XaCTaLbMqfj6ww3zvZ5g",
ConsumerSecret = "Il2eFzGIrYhz6BWjYhVXBPQSfZuS4xoHpSSyD9PI"
});
app.UseCors("AllowSpecificOrigin");
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
RequireHttpsMetadata = false
});
app.UseOpenIddict();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
routes.MapRoute(
name: "spa-fallback",
template: "{*url}",
defaults: new { controller = "Home", action = "Index" });
});
例外
Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException:IDX10 501:签名验证失败。无法匹配 'kid':'7FG4SQ4TIATESTLI-ZDHTL RYPWIEDU_RA1FVG91D',令牌:'{"alg":"RS256","typ":"JWT","kid":"7FG4SQ4TIATESTLI-ZDHTLRYPWIEDU_RA1FVG9 1D"}