How to handle cross-domain web service calls from

2020-03-19 03:41发布

问题:

I am trying to call a web service cross domain from within an HTML widget. This does not seem to work. It worked great under the same domain. I am trying to create a log in page within Orchard that could be used to log in to my software on another domain. The web service is validating the user credentials and returning a boolean which then would generate the users authentication.

I read that I could use an HTTP Handler or another web service (on the Orchard side) to call the web service on the other domain, but I'm not familiar enough with MVC or Orchard to do this. How can I add one of these to my Orchard web application?

回答1:

Cross-domain calls from within client-side code are a no-no in all major browsers. You can either

  1. Use CORS, ie. set Access-Control-Allow-Origin header to http://your-caller-domain.com in the web service response to allow requests originating from your website domain
  2. Use JSONP technique
  3. Create a custom proxy API within your application (using plain ASP.NET MVC controller or a WebAPI one) that will perform the call on server side using WebClient class and return the response to you.

Options are ordered from best to worst. CORS is supported by most browsers, except IE8/9 (which have partial support via XDomainRequest) and older. There are workarounds for this though.

Note that first two involve changes on the web-service side - if you can't do it, option 3. is the only one left.