Hi all
Does Identity support cross-domain requests?
client : http://www.abc.com
webapi server : http://www.xyz.com
The server already has cross-domain requests (CORS) enabled:
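// Identity's sign-in cookie only travels cross-origin when the CORS policy allows
// credentials. Browsers reject a credentialed response whose
// Access-Control-Allow-Origin is "*", so the calling origin is named explicitly.
// The origin is the client site given in the question; it is plain http there, and
// the string becomes the https form once the sites are served over TLS (which they
// should be before passwords or auth cookies cross the wire).
// NOTE(review): do not pair SupportsCredentials with a "*" origin. As far as I know
// Web API then echoes back whatever Origin the request carried, which would let any
// site make authenticated calls from a signed-in user's browser. Confirm.
// NOTE(review): the client's ajax call must also opt in (XHR withCredentials = true),
// otherwise the cookie is neither stored nor sent and [Authorize] actions answer 401.
// NOTE(review): with cookies accepted cross-origin, state-changing actions need
// anti-CSRF protection.
var cors = new EnableCorsAttribute("http://www.abc.com", "*", "*")
{
    SupportsCredentials = true
};
config.EnableCors(cors);
so now client send ajax request to webapi to login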
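/// <summary>
/// OData action that checks a username/password pair and, on success, signs the
/// caller in through the sign-in manager.
/// </summary>
/// <param name="data">Posted credentials; <c>username</c> and <c>password</c> are read from it.</param>
/// <returns>
/// 200 OK on success; 400 with "locked", "wrongPassword" or "notFound" on failure;
/// a bare 400 when the body, the username or the password is missing.
/// </returns>
[ODataRoute("User.login")]
public async Task<IHttpActionResult> login(LoginPostData data)
{
    // A missing or unbindable request body leaves data null, and null credentials
    // would be dereferenced or passed straight into Identity. Reject them up front
    // instead of failing with an unhandled exception.
    if (data == null || data.username == null || data.password == null)
    {
        return BadRequest();
    }

    // The username is caller-controlled. Strip line breaks before it reaches the log
    // so a crafted value cannot forge extra log entries.
    string loggedName = data.username.Replace("\r", "").Replace("\n", "");

    User user = await userManager.FindByNameAsync(data.username);
    if (user == null)
    {
        // NOTE(review): "notFound" vs "wrongPassword" vs "locked" tells an unauthenticated
        // caller which usernames exist. The strings are kept because the client reads them;
        // consider one generic failure response.
        S.log.Info("Login fail : user not found, username : " + loggedName);
        return BadRequest("notFound");
    }

    Request.GetOwinContext().Authentication.SignOut(); // ensure only one account is signed in at a time

    // Third argument is isPersistent: true asks for a cookie that outlives the browser session.
    // shouldLockout: true counts failed attempts towards account lockout.
    SignInStatus result = await signInManager.PasswordSignInAsync(data.username, data.password, true, shouldLockout: true);
    switch (result)
    {
        case SignInStatus.Success:
            return Ok();
        case SignInStatus.LockedOut:
            S.log.Info("Login fail : user LockedOut, username : " + loggedName);
            return BadRequest("locked");
        case SignInStatus.Failure:
        default:
            // Any other status (e.g. one requiring further verification) is also reported as a wrong password.
            S.log.Info("Login fail : user wrong password, username : " + loggedName);
            return BadRequest("wrongPassword");
    }
}
it successful , but after that client send normal GET request, all response 401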
/// <summary>
/// Queryable OData GET for the entity set; only callers in the "Staff" role are admitted.
/// </summary>
/// <returns>200 OK wrapping whatever <c>service.get</c> yields for the current principal.</returns>
// NOTE(review): assuming this is Web API's AuthorizeAttribute, it answers 401 both when
// no authenticated principal arrives (e.g. the auth cookie was not sent cross-origin)
// and when the principal lacks the "Staff" role. Check both when diagnosing a 401.
[Authorize(Roles = "Staff")]
[ODataRoute("")]
[EnableQuery(AllowedQueryOptions = Helper.ALLOW_QUERY)]
public async Task<IHttpActionResult> get()
{
    var payload = await service.get(db, user, User);
    return Ok(payload);
}
Any ideas?