How to enable cross origin requests in ASP.NET MVC [duplicate]

Solution 1:

Add the configuration setting in your web.config file to set the value for Access-Control-Allow-Origin in customHeaders like this -

<configuration>
 <system.webServer>
   <httpProtocol>
     <customHeaders>
       <add name="Access-Control-Allow-Origin" value="*" />
     </customHeaders>
   </httpProtocol>
 </system.webServer>
</configuration>

You would like to visit this and this for more details and some other options.

Solution 2:

What I think is the most convenient is to create your own class like this :

enter image description here

with the following code in it :

using System;
using System.Web.Mvc;

public class AllowCrossSiteAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "http://localhost:4200");
        filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Headers", "*");
        filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Credentials", "true");

        base.OnActionExecuting(filterContext);
    }
}

After this it's let you use this decorator on a method or on the whole controller

enter image description here enter image description here

You should be able to see that in your response header after this procedure

enter image description here

Thank's to this response

Solution 3:

I've had success using the OWIN CORS implementation (nuget Microsoft.Owin.Cors) to enable Cors for MVC Controllers and Owin middleware, in addition to ApiControllers. Microsoft.AspNet.WebApi.Cors (using config.EnableCors() and the [EnableCors] attribute) only seems to work with ApiControllers.

See http://benfoster.io/blog/aspnet-webapi-cors for sample code.