How to enable cross origin requests in ASP.NET MVC [duplicate]

Answer 1

What I think is the most convenient is to create your own class like this :

with the following code in it :

using System;
using System.Web.Mvc;

public class AllowCrossSiteAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "http://localhost:4200");
        filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Headers", "*");
        filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Credentials", "true");

        base.OnActionExecuting(filterContext);
    }
}

After this it's let you use this decorator on a method or on the whole controller

You should be able to see that in your response header after this procedure

Thank's to this response

Answer 2

I think you have to add it into "OnAuthentication" step or add config into your web config. You can try my code :) it works

 public class AllowCrossSiteJsonAttribute : ActionFilterAttribute, IAuthorizationFilter
    {
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");
        }

    }

Answer 3

Enabling CORS in mvc 5(core) first need to add Microsoft.AspNetCore.Cors package to your project. Then configure startup.cs like this for all website

public void ConfigureServices(IServiceCollection services)
 {
     services.AddMvc();
     //Add Cors support to the service
     services.AddCors();

     var policy = new Microsoft.AspNet.Cors.Core.CorsPolicy();

     policy.Headers.Add("*");    
     policy.Methods.Add("*");          
     policy.Origins.Add("*");
     policy.SupportsCredentials = true;

     services.ConfigureCors(x=>x.AddPolicy("AllPolicy", policy));

 }


 public void Configure(IApplicationBuilder app, IHostingEnvironment  env)
 {
     // Configure the HTTP request pipeline.

     app.UseStaticFiles();
     //Use the new policy globally
     app.UseCors("AllPolicy");
     // Add MVC to the request pipeline.
     app.UseMvc();
 }

and then also you can use like this

[EnableCors("AllPolicy")]

Details here

Answer 4

You can also use below code to allow cross-origin request

public void ProcessRequest (HttpContext context)
        {
     context.Response.AddHeader("Access-Control-Allow-Origin" , "*");
}

Answer 5

I've had success using the OWIN CORS implementation (nuget Microsoft.Owin.Cors) to enable Cors for MVC Controllers and Owin middleware, in addition to ApiControllers. Microsoft.AspNet.WebApi.Cors (using config.EnableCors() and the [EnableCors] attribute) only seems to work with ApiControllers.

See http://benfoster.io/blog/aspnet-webapi-cors for sample code.

Answer 6

Add the configuration setting in your web.config file to set the value for Access-Control-Allow-Origin in customHeaders like this -

<configuration>
 <system.webServer>
   <httpProtocol>
     <customHeaders>
       <add name="Access-Control-Allow-Origin" value="*" />
     </customHeaders>
   </httpProtocol>
 </system.webServer>
</configuration>

You would like to visit this and this for more details and some other options.