一、常見跨域及說明
同IP不同端口: http://IP:8001/api/user http://IP:8002/api/user
不同IP不同端口: http://172.28.20.100:8001/api/user http://172.128.20.100:8002/api/user
webapi 、 網站 都是http下
1、webapi發佈在本地,調試debug網站後臺調用webapi接口,跨域是允許訪問的(同源策略只由瀏覽器執行,服務端發出的請求不受它限制)
2、webapi發佈在本地,調試debug網站前臺ajax調用webapi接口,跨域是不允許訪問的,需要做下面的跨域處理
二、不做跨域處理進行請求
那WebApi(http://172.23.13.232:80)和網站(http://localhost:57447)
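// Cross-origin GET issued by the page script to the Web API host.
// The browser only hands the response to this script when the API answers
// with an Access-Control-Allow-Origin header that matches the page's origin.
$.ajax({
    type: "GET",
    url: "http://172.23.13.232/api/services/Employee/ArchiveManager/Archive/GetWebApi",
    data: { id: 5 }
    //dataType: "json",
    //contentType: 'application/json; charset=utf-8'
}).done(function (res) {
    // done/fail replace the deprecated jqXHR success/error callbacks,
    // which jQuery 3 no longer provides.
    alert(JSON.stringify(res.result));
}).fail(function (xhr, status) {
    // A request refused by the same-origin policy ends up here.
    console.log(xhr);
});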
前臺請求出現以下錯誤:
三、CORS解決跨域問題的原理
CORS全稱Cross-Origin Resource Sharing,中文全稱跨域資源共享,是一種允許當前域的資源被其他域的腳本請求訪問的機制。它解決跨域問題的原理是:瀏覽器在跨域請求報文裏帶上Origin標識,服務端在響應報文裏加入相應的標識,告訴瀏覽器哪些域的頁面可以讀取這個響應。比如我們向響應報文裏面增加Access-Control-Allow-Origin: http://localhost:57447,就表示允許來自http://localhost:57447的頁面腳本跨域訪問本系統的資源。需要注意,CORS只是放寬瀏覽器的同源策略,並不是服務端的訪問控制;不經過瀏覽器的請求不受它限制,接口本身仍然需要身份驗證和授權。
四、CORS解決跨域問題的步驟
1、在NuGet包處安裝Microsoft.AspNet.WebApi.Cors包
2、在WEBAPI 項目添加設置
在WebApiModule類添加 以下兩行代碼
// Enable CORS globally for the Web API.
// Constructor arguments are (origins, headers, methods). origins takes one origin or
// several separated by commas, each written the way the browser sends it
// (scheme://host[:port]). "*" accepts every origin, so a script on any site may call
// the API and read the response; list only the sites that need access.
var corsPolicy = new EnableCorsAttribute(origins: "*", headers: "*", methods: "*");
GlobalConfiguration.Configuration.EnableCors(corsPolicy);
引用using System.Web.Http.Cors;
以上兩步設置完成 就可以跨域訪問了
注意: 網上說加上上面的兩行代碼就可以,但我本地網站調試下 前臺調用webapi 接口還是不管用 需要webapi中 設置指定域名才管用 參照第三步
3、設置跨域參數
第二步中使用的是config.EnableCors(new EnableCorsAttribute("*", "*", "*"));三個參數都是"*",即任何網站的腳本都可以調用此WebApi並讀取響應,這樣是很不安全的;現在設置爲只允許指定的域名訪問
若允許多個域名訪問WebApi,可用逗號隔開,示例代碼如下:
/// <summary>
/// Web API registration hook; enables CORS for an explicit list of origins.
/// </summary>
/// <param name="config">The Web API configuration being set up.</param>
public static void Register(HttpConfiguration config)
{
    // Cross-origin configuration: only the two listed origins are accepted.
    // Headers and methods are still "*" (any request header, any HTTP method);
    // narrowing them to what the front end really sends tightens the policy further.
    var corsPolicy = new EnableCorsAttribute(
        origins: "http://localhost:57777,http://localhost:57447",
        headers: "*",
        methods: "*");
    config.EnableCors(corsPolicy);

    // ...... (the rest of the registration is omitted on the page)
}
前臺訪問代碼
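// Front-end call to the Web API once the API allows this page's origin.
// The page must be served from one of the origins configured on the API,
// otherwise the browser still withholds the response.
$.ajax({
    type: "GET",
    url: "http://172.23.13.232/api/services/Employee/ArchiveManager/Archive/GetWebApi",
    data: { id: 5 }
    //dataType: "json",
    //contentType: 'application/json; charset=utf-8'
}).done(function (res) {
    // done/fail replace the deprecated jqXHR success/error callbacks,
    // which jQuery 3 no longer provides.
    alert(JSON.stringify(res.result));
}).fail(function (xhr, status) {
    console.log(xhr);
});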
後臺訪問代碼
/// <summary>
/// Server-side call to the Web API: posts a form body with HttpPostCreateRequest
/// and returns the API's reply as the content of this action.
/// </summary>
/// <returns>A content result holding the text returned by the Web API.</returns>
public ActionResult TestPostAction()
{
    // This request is made by the web server, not by a browser, so the same-origin
    // policy and the CORS settings play no part in it.
    const string endpoint = "http://172.23.13.232/api/services/Employee/ArchiveManager/Archive/GetAllArchiveByAppointVersion";

    // NOTE(review): the body is sent exactly as written, including the spaces
    // around '=' - confirm the API binds versionId from it.
    const string formBody = "versionId = 4";

    string reply = HttpPostCreateRequest(endpoint, formBody);

    // NOTE(review): the upstream text is passed through unchanged and no content type
    // is given - confirm it cannot be interpreted as HTML by the browser.
    return Content(reply);
}
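/// <summary>
/// Posts <paramref name="param"/> to <paramref name="url"/> as an
/// application/x-www-form-urlencoded body and returns the response text.
/// </summary>
/// <param name="url">Absolute URL of the endpoint to call.</param>
/// <param name="param">Request body; it is written as given, no URL-encoding is applied here.</param>
/// <returns>
/// The response body decoded as UTF-8 and trimmed, or an empty string when the request
/// fails with a <see cref="WebException"/> whose status is not ProtocolError.
/// </returns>
/// <exception cref="WebException">Rethrown when the status is ProtocolError.</exception>
public static string HttpPostCreateRequest(string url, string param)
{
    // The original forced System.GC.Collect() on every call to reclaim connections that
    // were not closed. The request stream, reader and response below are always closed,
    // so the forced full collection is not needed.
    string result = "";
    HttpWebRequest request = null;
    HttpWebResponse response = null;
    try
    {
        // UTF-8 yields the same bytes as ASCII for ASCII text, but does not replace
        // other characters with '?'.
        byte[] body = Encoding.UTF8.GetBytes(param);

        // Maximum number of connections. This is a process-wide setting, so every
        // call re-applies it for all outgoing requests of the application.
        ServicePointManager.DefaultConnectionLimit = 200;

        // HTTPS validation hook, left disabled as on the page.
        // NOTE(review): ServerCertificateValidationCallback is process-wide and
        // CheckValidationResult is not shown; before enabling this, confirm the
        // callback does not accept every certificate.
        //if (url.StartsWith("https", StringComparison.OrdinalIgnoreCase))
        //{
        //    ServicePointManager.ServerCertificateValidationCallback =
        //        new RemoteCertificateValidationCallback(CheckValidationResult);
        //}

        request = (HttpWebRequest)WebRequest.Create(url);
        request.UserAgent = "Mozilla/5.0 (Windows NT 6.2; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0";
        request.KeepAlive = true;
        request.ProtocolVersion = HttpVersion.Version11;
        request.Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";

        // Authenticates with the identity the process runs under when the server asks for it.
        // NOTE(review): combined with AllowAutoRedirect below, that identity may be offered
        // to whichever host the URL or a redirect points at - confirm url is never
        // caller-controlled.
        request.Credentials = CredentialCache.DefaultCredentials;
        request.AllowAutoRedirect = true;
        request.Method = "POST";
        request.Timeout = 60 * 1000;

        // Type and length of the POST data.
        request.ContentType = "application/x-www-form-urlencoded";

        // Client certificate 4__.95155.com.crt, key: changit (left disabled as on the page).
        // NOTE(review): the certificate password is written in source; if this is enabled,
        // load it from protected configuration instead.
        //X509Certificate2 cert = new X509Certificate2(AppDomain.CurrentDomain.BaseDirectory + "bin\\4__.95155.com.crt", "changit");
        //request.ClientCertificates.Add(cert);

        request.ContentLength = body.Length;
        using (Stream requestStream = request.GetRequestStream())
        {
            requestStream.Write(body, 0, body.Length);
        }

        // Read the server's reply; the reader is disposed even if reading fails.
        response = (HttpWebResponse)request.GetResponse();
        using (StreamReader reader = new StreamReader(response.GetResponseStream(), Encoding.UTF8))
        {
            result = reader.ReadToEnd().Trim();
        }
    }
    catch (System.Threading.ThreadAbortException)
    {
        System.Threading.Thread.ResetAbort();
        throw; // keeps the original stack trace, unlike "throw e;"
    }
    catch (WebException e)
    {
        if (e.Status == WebExceptionStatus.ProtocolError)
        {
            throw;
        }
        // Any other WebException status is swallowed, as in the original:
        // the caller receives an empty string.
    }
    finally
    {
        // Close the connection and the streams.
        if (response != null)
        {
            response.Close();
        }
        if (request != null)
        {
            request.Abort();
        }
    }
    return result;
}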