由网友(°慵懒午后上演甜蜜的情节)分享简介：我已经创造了个人账户安全性的asp.net的Web API 2服务。我试图把它形成AngularJs按照这个例子：的http://www.$c$cproject.com/Articles/742532/Using-Web-API-Individual-User-Account-plus-CORS-En不能得到这工作，所...

我已经创造了个人账户安全性的asp.net的Web API 2服务。我试图把它形成AngularJs按照这个例子：的http://www.$c$cproject.com/Articles/742532/Using-Web-API-Individual-User-Account-plus-CORS-En不能得到这工作，所以从这里增加了一些配置：如何使CORS在验证2的WebAPI？

I've created an asp.net web api 2 service with individual account security. I'm trying to call it form AngularJs as per this example: http://www.codeproject.com/Articles/742532/Using-Web-API-Individual-User-Account-plus-CORS-En could not get that to work so added some config from here: How to make CORS Authentication in WebAPI 2?

和无法越过这个错误：XMLHtt prequest无法加载'serverRegisterUrl。在访问控制允许来源头包含多个值'clientUrl，*，*'，但只有一个是允许的。因此出身clientUrl'是不允许访问。

and can't get past this error: XMLHttpRequest cannot load 'serverRegisterUrl'. The 'Access-Control-Allow-Origin' header contains multiple values 'clientUrl, *, *', but only one is allowed. Origin 'clientUrl' is therefore not allowed access.

我不明白此错误消息。我认为，访问控制允许来源字符串意味着允许起源clientUrl，所有报头，所有的方法

I don't understand this error message. I think that Access-Control-Allow-Origin string means allow origin clientUrl, all headers, all methods

我不明白的问题。如果我应该只是指定原点独自地方，我不知道哪里是。

I don't understand the problem. If I'm supposed to just specify the origin alone somewhere, I don't know where that is.

我在微软Azure上运行这一点，只是在它的问题的情况下使用VS前preSS为网络2013更新2。

I'm running this on Microsoft Azure and using vs express for web 2013 update 2 just in case it matters.

不幸的是我不得不把我的链接出来的错误信息，因为我需要至少在10声誉这里的问题后超过2链接。

I unfortunately had to take my links out of the error message because I need atleast reputation 10 here to post more then 2 links in a question.

推荐答案

我得到了它的工作，我觉得它来到了配置。Web.config文件：没有访问控制允许来源customHeaders节点

I got it working, I think it came down to configuration. Web.config: no "Access-Control-Allow-Origin" customHeaders node

Startup.Auth.cs：结果 //这必须先来拦截/令牌请求 app.UseCors（CorsOptions.AllowAll）;

Startup.Auth.cs: // This must come first to intercept the /Token requests app.UseCors(CorsOptions.AllowAll);

//启用使用令牌承载验证用户应用 app.UseOAuthBearerTokens（OAuthOptions）;

WebApiConfig.cs：（这里未启用CORS） //无功CORS =新EnableCorsAttribute（*，*，*）; // config.EnableCors（CORS）;

WebApiConfig.cs: (not enabling cors here) //var cors = new EnableCorsAttribute("*", "*", "*"); //config.EnableCors(cors);

AccountController.cs：属性上GetExternalLogin方法： [EnableCors（来源：*，标题：*，方法：*）]

AccountController.cs: attribute on GetExternalLogin method: [EnableCors(origins: "*", headers: "*", methods: "*")]

我觉得这是我的整个目前的CORS配置。

I think that's my whole current CORS config.