在WebApi中實現Cors訪問
Cors是個比較熱的技術,這在蔣金楠的博客裏也有體現,Cors簡單來講就是「跨域資源訪問」的意思,這種訪問咱們指的是Ajax實現的異步訪問,形象點說就是,一個A網站公開一些接口方法,對於B網站和C網站能夠經過發Xmlhttprequest請求來調用A網站的方法,對於xmlhttprequest封裝比較好的插件如jquery的$.ajax,它可讓開發者很容易的編寫AJAX異步請求,不管是Get,Post,Put,Delete請求均可以發送。html
Cors並非什麼新的技術,它只是對HTTP請求頭進行了一個加工,還有咱們的Cors架構裏,對jsonp也有封裝,讓開發者在使用jsonp訪問裏,編寫的代碼量更少,更直觀,呵呵。(Jsonp和Json沒什麼關係,它是從一個URI返回一個Script響應塊,因此,JSONP自己是和域名不要緊的,而傳統上的JSON是走xmlhttprequest的,它在默認狀況下,是不能跨域訪問的)jquery
作在後
一 下面先說一下,對jsonp的封裝
1 註冊jsonp類型,在global.asax裏Application_Start方法中ajax
GlobalConfiguration.Configuration.Formatters.Insert(0, new EntityFrameworks.Web.Core.JsonpMediaTypeFormatter());
2 編寫JsonpMediaTypeFormatter這個類型中實現了對jsonp請求的響應,並在響應流中添加指定信息,如callback方法名。json
/// <summary>
/// 對jsonp響應流的封裝
/// </summary>
public class JsonpMediaTypeFormatter : JsonMediaTypeFormatter
{
public string Callback { get; private set; }
public JsonpMediaTypeFormatter(string callback = null)
{
this.Callback = callback;
}
public override Task WriteToStreamAsync(
Type type,
object value,
Stream writeStream,
HttpContent content,
TransportContext transportContext)
{
if (string.IsNullOrEmpty(this.Callback))
{
return base.WriteToStreamAsync(type, value, writeStream, content, transportContext);
}
try
{
this.WriteToStream(type, value, writeStream, content);
return Task.FromResult<AsyncVoid>(new AsyncVoid());
}
catch (Exception exception)
{
TaskCompletionSource<AsyncVoid> source = new TaskCompletionSource<AsyncVoid>();
source.SetException(exception);
return source.Task;
}
}
private void WriteToStream(
Type type,
object value,
Stream writeStream,
HttpContent content)
{
JsonSerializer serializer = JsonSerializer.Create(this.SerializerSettings);
using (StreamWriter streamWriter = new StreamWriter(writeStream, this.SupportedEncodings.First()))
using (JsonTextWriter jsonTextWriter = new JsonTextWriter(streamWriter) { CloseOutput = false })
{
jsonTextWriter.WriteRaw(this.Callback + "(");
serializer.Serialize(jsonTextWriter, value);
jsonTextWriter.WriteRaw(")");
}
}
public override MediaTypeFormatter GetPerRequestFormatterInstance(
Type type,
HttpRequestMessage request,
MediaTypeHeaderValue mediaType)
{
if (request.Method != HttpMethod.Get)
{
return this;
}
string callback;
if (request.GetQueryNameValuePairs().ToDictionary(pair => pair.Key,
pair => pair.Value).TryGetValue("callback", out callback))
{
return new JsonpMediaTypeFormatter(callback);
}
return this;
}
[StructLayout(LayoutKind.Sequential, Size = 1)]
private struct AsyncVoid
{
}
}
二 對指定域名實現友好的跨域資源訪問
1 在global.asax中註冊這個HttpHandler,使它對HTTP的處理進行二次加工,它能夠有同步和異步兩個版本,本例中實現異步方式實現跨域
//對指定URI的網站進行跨域資源的共享 GlobalConfiguration.Configuration.MessageHandlers.Add(new EntityFrameworks.Web.Core.Handlers.CorsMessageHandler());
下面是MessageHandlers原代碼,實現對HTTP請求的二次處理服務器
/// <summary>
/// 跨域資源訪問的HTTP處理程序
/// </summary>
public class CorsMessageHandler : DelegatingHandler
{
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
//獲得描述目標Action的HttpActionDescriptor
HttpMethod originalMethod = request.Method;
bool isPreflightRequest = request.IsPreflightRequest();
if (isPreflightRequest)
{
string method = request.Headers.GetValues("Access-Control-Request-Method").First();
request.Method = new HttpMethod(method);
}
HttpConfiguration configuration = request.GetConfiguration();
HttpControllerDescriptor controllerDescriptor = configuration.Services.GetHttpControllerSelector().SelectController(request);
HttpControllerContext controllerContext = new HttpControllerContext(request.GetConfiguration(), request.GetRouteData(), request)
{
ControllerDescriptor = controllerDescriptor
};
HttpActionDescriptor actionDescriptor = configuration.Services.GetActionSelector().SelectAction(controllerContext);
//根據HttpActionDescriptor獲得應用的CorsAttribute特性
CorsAttribute corsAttribute = actionDescriptor.GetCustomAttributes<CorsAttribute>().FirstOrDefault() ??
controllerDescriptor.GetCustomAttributes<CorsAttribute>().FirstOrDefault();
if (null == corsAttribute)
{
return base.SendAsync(request, cancellationToken);
}
//利用CorsAttribute實施受權並生成響應報頭
IDictionary<string, string> headers;
request.Method = originalMethod;
bool authorized = corsAttribute.TryEvaluate(request, out headers);
HttpResponseMessage response;
if (isPreflightRequest)
{
if (authorized)
{
response = new HttpResponseMessage(HttpStatusCode.OK);
}
else
{
response = request.CreateErrorResponse(HttpStatusCode.BadRequest, corsAttribute.ErrorMessage);
}
}
else
{
response = base.SendAsync(request, cancellationToken).Result;
}
//添加響應報頭
if (headers != null && headers.Any())
foreach (var item in headers)
response.Headers.Add(item.Key, item.Value);
return Task.FromResult<HttpResponseMessage>(response);
}
}
2 添加Cors特性,以便處理能夠跨域訪問的域名,如B網站和C網站架構
/// <summary>
/// Cors特性
/// </summary>
[AttributeUsage(AttributeTargets.Class, Inherited = true, AllowMultiple = false)]
public class CorsAttribute : Attribute
{
public Uri[] AllowOrigins { get; private set; }
public string ErrorMessage { get; private set; }
public CorsAttribute(params string[] allowOrigins)
{
this.AllowOrigins = (allowOrigins ?? new string[0]).Select(origin => new Uri(origin)).ToArray();
}
public bool TryEvaluate(HttpRequestMessage request, out IDictionary<string, string> headers)
{
headers = null;
string origin = null;
try
{
origin = request.Headers.GetValues("Origin").FirstOrDefault();
}
catch (Exception)
{
this.ErrorMessage = "Cross-origin request denied";
return false;
}
Uri originUri = new Uri(origin);
if (this.AllowOrigins.Contains(originUri))
{
headers = this.GenerateResponseHeaders(request);
return true;
}
this.ErrorMessage = "Cross-origin request denied";
return false;
}
private IDictionary<string, string> GenerateResponseHeaders(HttpRequestMessage request)
{
//設置響應頭"Access-Control-Allow-Methods"
string origin = request.Headers.GetValues("Origin").First();
Dictionary<string, string> headers = new Dictionary<string, string>();
headers.Add("Access-Control-Allow-Origin", origin);
if (request.IsPreflightRequest())
{
//設置響應頭"Access-Control-Request-Headers"
//和"Access-Control-Allow-Headers"
headers.Add("Access-Control-Allow-Methods", "*");
string requestHeaders = request.Headers.GetValues("Access-Control-Request-Headers").FirstOrDefault();
if (!string.IsNullOrEmpty(requestHeaders))
{
headers.Add("Access-Control-Allow-Headers", requestHeaders);
}
}
return headers;
}
}
/// <summary>
/// HttpRequestMessage擴展方法
/// </summary>
public static class HttpRequestMessageExtensions
{
public static bool IsPreflightRequest(this HttpRequestMessage request)
{
return request.Method == HttpMethod.Options
&& request.Headers.GetValues("Origin").Any()
&& request.Headers.GetValues("Access-Control-Request-Method").Any();
}
}
3 下面是爲指定的API類型添加指定域名訪問的特性cors
[CorsAttribute("http://localhost:11879/", "http://localhost:5008/")]/*須要加在類上*/
public class ValuesController : ApiController
{
//代碼省略
}
下面看一下實例的結果:異步
上圖中分別使用了jsonp和json兩種方法,看一下它們的響應結果ide
CORS其實是在服務端的響應頭上添加的標準的Access-Control-Allow-Origin的信息,它是一種跨域資源訪問的標準
能夠看到,jsonp實現上是一種遠程JS方法的調用,客戶端發起一個HTTP請求,這經過callback參數(一串隨機數)來區別多個客戶端,每一個客戶端的請求callback都是不一樣的,它們由服務器端處理數據,再經過callback隨機數去爲指定客戶端返回數據。
轉:http://www.cnblogs.com/lori/p/3557111.html
相關文章
- 1. WebApi系列~在WebApi中實現Cors訪問
- 2. CORS在Spring中的實現
- 3. SpringBoot裏的CORS 實現跨域訪問
- 4. ASP.NET WebAPI 15 CORS
- 5. Cors跨域訪問
- 6. CORS跨域訪問
- 7. Asp.Net WebApi 啓用CORS跨域訪問指定多個域名
- 8. 使用Cors後臺設置WebAPI接口跨域訪問
- 9. c# WebApi之解決跨域問題:Cors
- 10. HTTP訪問控制(CORS)
- 更多相關文章...
- • 現實生活中的 XML - XML 教程
- • Swift 訪問控制 - Swift 教程
- • TiDB 在摩拜單車在線數據業務的應用和實踐
- • ☆基於Java Instrument的Agent實現
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. 字節跳動21屆秋招運營兩輪面試經驗分享
- 2. Java 3 年,25K 多嗎?
- 3. mysql安裝部署
- 4. web前端開發中父鏈和子鏈方式實現通信
- 5. 3.1.6 spark體系之分佈式計算-scala編程-scala中trait特性
- 6. dataframe2
- 7. ThinkFree在線
- 8. 在線畫圖
- 9. devtools熱部署
- 10. 編譯和鏈接
歡迎關注本站公眾號,獲取更多信息
