I have a simple actionmethod, that returns some json. It runs on ajax.example.com. I need to access this from another site someothersite.com.

If I try to call it, I get the expected...:

Origin http://someothersite.com is not allowed by Access-Control-Allow-Origin.

I know of two ways to get around this: JSONP and creating a custom HttpHandler to set the header.

Is there no simpler way?

Is it not possible for a simple action to either define a list of allowed origins - or simple allow everyone? Maybe an action filter?

Optimal would be...:

return json(mydata, JsonBehaviour.IDontCareWhoAccessesMe);
For plain ASP.NET MVC Controllers

Create a new attribute

public class AllowCrossSiteJsonAttribute : ActionFilterAttribute

{

    public override void OnActionExecuting(ActionExecutingContext filterContext)

    {

        filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");

        base.OnActionExecuting(filterContext);

    }

}

Tag your action:

[AllowCrossSiteJson]

public ActionResult YourMethod()

{

    return Json("Works better?");

}

For ASP.NET Web API

using System;

using System.Web.Http.Filters;

public class AllowCrossSiteJsonAttribute : ActionFilterAttribute

{

    public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)

    {

        if (actionExecutedContext.Response != null)

            actionExecutedContext.Response.Headers.Add("Access-Control-Allow-Origin", "*");

        base.OnActionExecuted(actionExecutedContext);

    }

}

Tag a whole API controller:

[AllowCrossSiteJson]

public class ValuesController : ApiController

{

Or individual API calls:

[AllowCrossSiteJson]

public IEnumerable<PartViewModel> Get()

{

    ...

}

If you are using IIS +, you can place a web.config file into the root of the folder with this in the system.webServer section:

<httpProtocol>

   <customHeaders>

      <clear />

      <add name="Access-Control-Allow-Origin" value="*" />

   </customHeaders>

</httpProtocol>

See: http://msdn.microsoft.com/en-us/library/ms178685.aspx And: http://enable-cors.org/#how-iis7

This is really simple , just add this in web.config

<system.webServer>

  <httpProtocol>

    <customHeaders>

      <add name="Access-Control-Allow-Origin" value="http://localhost" />

      <add name="Access-Control-Allow-Headers" value="X-AspNet-Version,X-Powered-By,Date,Server,Accept,Accept-Encoding,Accept-Language,Cache-Control,Connection,Content-Length,Content-Type,Host,Origin,Pragma,Referer,User-Agent" />

      <add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, OPTIONS" />

      <add name="Access-Control-Max-Age" value="" />

    </customHeaders>

  </httpProtocol>

</system.webServer>

In Origin put all domains that have access to your web server, in headers put all possible headers that any ajax http request can use, in methods put all methods that you allow on your server

regards :)

asp.net cors solution的更多相关文章

  1. Asp.Net 跨域,Asp.Net MVC 跨域,Session共享,CORS,Asp.Net CORS,Asp.Net MVC CORS,MVC CORS

    比如 http://www.test.com 和 http://m.test.com 一.简单粗暴的方法 Web.Config <system.web> <!--其他配置 省略……- ...

  2. 一劳永逸:域名支持通配符,ASP.NET Core中配置CORS更轻松

    ASP.NET Core 内置了对 CORS 的支持,使用很简单,只需先在 Startup 的 ConfigureServices() 中添加 CORS 策略: public void Configu ...

  3. 一劳永逸:域名支持通配符,ASP.NET Core中配置CORS

    ASP.NET Core 内置了对 CORS 的支持,使用很简单,只需先在 Startup 的 ConfigureServices() 中添加 CORS 策略: public void Configu ...

  4. Incorporating ASP.NET MVC and SQL Server Reporting Services, Part 1

    Your ASP.NET MVC application needs reports. What do you do? In this article, I will demonstrate how ...

  5. ngx-admin with Asp.net Core 2.0, possibly plus OrchardCore

    1 Download ngx-admin from https://github.com/akveo/ngx-admin 2 Create a new Web Application in vs201 ...

  6. OAuth Implementation for ASP.NET Web API using Microsoft Owin.

    http://blog.geveo.com/OAuth-Implementation-for-WebAPI2 OAuth is an open standard for token based aut ...

  7. C#.NET开源项目、机器学习、商务智能

    所以原谅我,不能把所有的都发上来,太杂了,反而不好. 1..NET时间周期处理组件 这个组件很小,主要是对时间日期,特别是处理时间间隔以及时间范围非常方便.虽然.NET自带了时间日期的部分功能,但可能 ...

  8. vs问题集

    ******将获取的所有的','换成'<br/>'********** data.Data.StandardSeating.replace(/,/g,"<br/>&q ...

  9. 支持Ajax跨域访问ASP.NET Web Api 2(Cors)的简单示例教程演示

    随着深入使用ASP.NET Web Api,我们可能会在项目中考虑将前端的业务分得更细.比如前端项目使用Angularjs的框架来做UI,而数据则由另一个Web Api 的网站项目来支撑.注意,这里是 ...

随机推荐

  1. Lock 和 synchronized 的区别

    Lock 和 synchronized 的区别 Lock是一个接口,而synchronized是Java中的关键字,synchronized是内置的语言实现: synchronized在发生异常时,会 ...

  2. admin.ModelAdmin 后台管理关联对象,某个字段怎么显示值

    admin.ModelAdmin 后台管理关联对象,某个字段如何显示值?对象 WxpAccount:              accountName = ... 对象 AccountMenu:    ...

  3. mysql常用语法操作

    一.用户管理: 1.新建用户: >CREATE USER name IDENTIFIED BY 'ssapdrow'; 2.更改密码: >SET PASSWORD FOR name=PAS ...

  4. DevExpress GridControl控件行内新增、编辑、删除添加选择框(转)

    http://blog.csdn.net/m1654399928/article/details/21951519 1.首先到GridControl控件设计里设置属性Repository    (In ...

  5. jQuery如何取得HiddenField值(转)

    <f:HiddenField runat="server" ID="cat_id" Text="ssss"/> var strD ...

  6. codevs 1131 统计单词数

    #include<iostream> #include<string> using namespace std; int main() { string s, s0; getl ...

  7. EXPLAIN执行计划中要重点关注哪些要素(转)

    EXPLAIN的结果中,有哪些关键信息值得注意呢? MySQL的EXPLAIN当然和ORACLE的没法比,不过我们从它输出的结果中,也可以得到很多有用的信息. 总的来说,我们只需要关注结果中的几列: ...

  8. CentOS Linux解决Device eth0 does not seem to be present 但是没有发现eth1

    http://www.linuxidc.com/Linux/2012-12/76248.htm 此标题已经是有人写过的了.但是为什么拿来重写? 我复制完,没有发现有eth1这个网卡 为什么呢?需要选中 ...

  9. appium 5-27屏幕旋转、

    1.屏幕切换 注意:应用一定要支持横竖屏切换,否则无效果, public void testBrowser() throws InterruptedException { Thread.sleep(1 ...

  10. 快速开发jQuery插件的10大技巧

    原文链接:http://wiki.itivy.com/?p=36 在开发过很多 jQuery 插件以后,我慢慢的摸索出了一套开发jQuery插件比较标准的结构和模式.这样我就可以 copy & ...