我使用ajax将令牌存储在请求标头中,并将其发送到Rest Web api。这是我发送到Web api的请求:
// Not referenced by the $.ajax call below: jQuery creates its own request object,
// and the `jqXHR` parameter of the error callback is a separate binding.
var xhr = new XMLHttpRequest();

// Cross-origin GET that carries the token (`res`) in a custom "Authorization-Token" header.
// Custom headers make this a non-simple CORS request, so the browser first sends an
// OPTIONS preflight that lists only the header *names* in Access-Control-Request-Headers.
// The header values travel with the real GET, which is sent only if the preflight
// response allows those names.
$.ajax({
  type: 'GET',
  url: 'http://localhost:32253/api/UserDetail/Authenticate',
  // Synchronous mode: the page is blocked until the response arrives.
  async: false,
  dataType: 'json',
  // Set explicitly, so a Content-Type request header is sent even though a GET has no body.
  contentType: "application/json",
  headers: {
    "Authorization-Token": res,
    "X-HTTP-Method-Override": "GET"
  },
  success: (role) => {
    alert("Success from success callback!");
    // .text() inserts the values as plain text, so they are never parsed as markup.
    $('#RId').text(role.RoleId);
    $('#RDesc').text(role.RoleDescription);
    $('#RName').text(role.RoleName);
  },
  error: (jqXHR, status) => {
    alert(status);
  }
});
在服务器端(REST Web API),我试图读取标头
// Reads the first value of the custom token header when the request carries it.
// On a CORS preflight (OPTIONS) the header itself is absent; only its name appears in
// Access-Control-Request-Headers, so this branch is skipped for that request.
// NOTE(review): this only extracts the value; validating the token is not shown here.
const string tokenHeader = "Authorization-Token";
var requestHeaders = Request.Headers;
if (requestHeaders.Contains(tokenHeader))
{
    var token = requestHeaders.GetValues(tokenHeader).First();
}
但是该请求不包含标头“Authorization-Token”。我只能在Access-Control-Request-Headers中看到这个标头的名称,却不知道如何读取它的值。有人可以帮我吗?我也已经启用了CORS。
更新现在我正在使用请求对象的标准Authorization标头传递令牌
// Second attempt: the token is sent in the standard Authorization header.
// Authorization is not a CORS-safelisted request header, so this request is still
// preflighted and the server must name it in Access-Control-Allow-Headers.
$.ajax({
  type: 'GET',
  url: 'http://localhost:32253/api/UserDetail/Authenticate',
  // Synchronous mode: the page is blocked until the response arrives.
  async: false,
  dataType: 'json',
  contentType: "application/json",
  // `authorization` is not a jQuery.ajax setting; jQuery does not turn it into a header.
  authorization: res,
  beforeSend: (request) => {
    // NOTE(review): the Basic scheme is defined for base64("user:password") credentials.
    // If `res` is an opaque token, confirm which scheme the API actually expects.
    request.setRequestHeader("Authorization", "Basic " + res);
  },
  success: (role) => {
    alert("Success from success callback!");
    // .text() inserts the values as plain text, so they are never parsed as markup.
    $('#RId').text(role.RoleId);
    $('#RDesc').text(role.RoleDescription);
    $('#RName').text(role.RoleName);
  },
  error: (jqXHR, status) => {
    alert(status);
  }
});
但我仍然无法在请求标头中找到它。更多详细信息请参阅请求标头的截图。
REQUEST LOG这是在服务器端收到的请求
OPTIONS /api/UserDetail/Authenticate HTTP/1.1
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en;q=0.5
Host: localhost:32253
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization-token,content-type
Origin: http://localhost:14576
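感谢Daniel的建议。正如您关于OPTIONS请求所说的那样:浏览器在发送带有自定义标头的跨域请求之前,会先发送一个OPTIONS预检请求,只有当预检响应的Access-Control-Allow-Headers列出了这些标头时,才会发送真正的GET请求。因此我在OPTIONS请求的响应中设置了Access-Control-Allow-Headers,并在REST Web API的global.asax.cs中添加了以下内容: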
/// <summary>
/// Adds the CORS response headers at the start of every request and answers
/// preflight (OPTIONS) requests directly.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
protected void Application_BeginRequest(object sender, EventArgs e)
{
    var context = HttpContext.Current;
    var response = context.Response;

    // One explicit origin rather than "*": only pages served from this origin are
    // allowed to read the API's responses cross-origin.
    response.AddHeader("Access-Control-Allow-Origin", "http://localhost:14576");

    if (context.Request.HttpMethod != "OPTIONS")
    {
        return;
    }

    // Preflight answer. The browser sends the real request only when every custom header
    // it intends to send is named in Access-Control-Allow-Headers; "Authorization" is not
    // in this list, so a request carrying that header would still be blocked.
    response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
    response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Authorization-Token, X-HTTP-Method-Override");

    // End() finishes the response here, so the preflight is answered by this handler.
    response.End();
}
客户端请求代码如下:
// Not referenced by the $.ajax call below: jQuery creates its own request object,
// and the callback parameters are separate bindings.
var xhr = new XMLHttpRequest();

// Working version: the token travels in the custom X-Authorization-Token header.
// Both custom header names must appear in the server's Access-Control-Allow-Headers
// preflight response (names are compared case-insensitively), otherwise the browser
// never sends the GET.
$.ajax({
  type: 'GET',
  url: 'http://localhost:32253/api/UserDetail/Authenticate',
  // Synchronous mode: the page is blocked until the response arrives.
  async: false,
  dataType: 'json',
  beforeSend: (request) => {
    request.setRequestHeader('X-Authorization-Token', res);
    request.setRequestHeader('X-HTTP-Method-Override', "GET");
  },
  success: (payload) => {
    alert("Success from success callback!");
  },
  error: (jqXHR, status) => {
    alert(status);
  }
});
REST Web API中用于读取标头的代码:
// Reads the first value of X-Authorization-Token when the request carries it.
// The header reaches this code on the real GET, after the preflight has been accepted.
// NOTE(review): the presence of the header is not proof of identity; the token still
// has to be validated before the caller is treated as authenticated (not shown here).
const string tokenHeader = "X-Authorization-Token";
var requestHeaders = Request.Headers;
if (requestHeaders.Contains(tokenHeader))
{
    var token = requestHeaders.GetValues(tokenHeader).First();
}
这样很好。
谢谢您的时间和建议:)