I have a simple actionmethod, that returns some json. It runs on ajax.example.com. I need to access this from another site someothersite.com.

If I try to call it, I get the expected...:

Origin http://someothersite.com is not allowed by Access-Control-Allow-Origin.

I know of two ways to get around this: JSONP and creating a custom HttpHandler to set the header.

Is there no simpler way?

Is it not possible for a simple action to either define a list of allowed origins - or simple allow everyone? Maybe an action filter?

Optimal would be...:

return json(mydata, JsonBehaviour.IDontCareWhoAccessesMe);
For plain ASP.NET MVC Controllers

Create a new attribute

public class AllowCrossSiteJsonAttribute : ActionFilterAttribute

{

    public override void OnActionExecuting(ActionExecutingContext filterContext)

    {

        filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");

        base.OnActionExecuting(filterContext);

    }

}

Tag your action:

[AllowCrossSiteJson]

public ActionResult YourMethod()

{

    return Json("Works better?");

}

For ASP.NET Web API

using System;

using System.Web.Http.Filters;

public class AllowCrossSiteJsonAttribute : ActionFilterAttribute

{

    public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)

    {

        if (actionExecutedContext.Response != null)

            actionExecutedContext.Response.Headers.Add("Access-Control-Allow-Origin", "*");

        base.OnActionExecuted(actionExecutedContext);

    }

}

Tag a whole API controller:

[AllowCrossSiteJson]

public class ValuesController : ApiController

{

Or individual API calls:

[AllowCrossSiteJson]

public IEnumerable<PartViewModel> Get()

{

    ...

}

If you are using IIS +, you can place a web.config file into the root of the folder with this in the system.webServer section:

<httpProtocol>

   <customHeaders>

      <clear />

      <add name="Access-Control-Allow-Origin" value="*" />

   </customHeaders>

</httpProtocol>

See: http://msdn.microsoft.com/en-us/library/ms178685.aspx And: http://enable-cors.org/#how-iis7

This is really simple , just add this in web.config

<system.webServer>

  <httpProtocol>

    <customHeaders>

      <add name="Access-Control-Allow-Origin" value="http://localhost" />

      <add name="Access-Control-Allow-Headers" value="X-AspNet-Version,X-Powered-By,Date,Server,Accept,Accept-Encoding,Accept-Language,Cache-Control,Connection,Content-Length,Content-Type,Host,Origin,Pragma,Referer,User-Agent" />

      <add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, OPTIONS" />

      <add name="Access-Control-Max-Age" value="" />

    </customHeaders>

  </httpProtocol>

</system.webServer>

In Origin put all domains that have access to your web server, in headers put all possible headers that any ajax http request can use, in methods put all methods that you allow on your server

regards :)

asp.net cors solution的更多相关文章

  1. Asp.Net 跨域,Asp.Net MVC 跨域,Session共享,CORS,Asp.Net CORS,Asp.Net MVC CORS,MVC CORS

    比如 http://www.test.com 和 http://m.test.com 一.简单粗暴的方法 Web.Config <system.web> <!--其他配置 省略……- ...

  2. 一劳永逸:域名支持通配符,ASP.NET Core中配置CORS更轻松

    ASP.NET Core 内置了对 CORS 的支持,使用很简单,只需先在 Startup 的 ConfigureServices() 中添加 CORS 策略: public void Configu ...

  3. 一劳永逸:域名支持通配符,ASP.NET Core中配置CORS

    ASP.NET Core 内置了对 CORS 的支持,使用很简单,只需先在 Startup 的 ConfigureServices() 中添加 CORS 策略: public void Configu ...

  4. Incorporating ASP.NET MVC and SQL Server Reporting Services, Part 1

    Your ASP.NET MVC application needs reports. What do you do? In this article, I will demonstrate how ...

  5. ngx-admin with Asp.net Core 2.0, possibly plus OrchardCore

    1 Download ngx-admin from https://github.com/akveo/ngx-admin 2 Create a new Web Application in vs201 ...

  6. OAuth Implementation for ASP.NET Web API using Microsoft Owin.

    http://blog.geveo.com/OAuth-Implementation-for-WebAPI2 OAuth is an open standard for token based aut ...

  7. C#.NET开源项目、机器学习、商务智能

    所以原谅我,不能把所有的都发上来,太杂了,反而不好. 1..NET时间周期处理组件 这个组件很小,主要是对时间日期,特别是处理时间间隔以及时间范围非常方便.虽然.NET自带了时间日期的部分功能,但可能 ...

  8. vs问题集

    ******将获取的所有的','换成'<br/>'********** data.Data.StandardSeating.replace(/,/g,"<br/>&q ...

  9. 支持Ajax跨域访问ASP.NET Web Api 2(Cors)的简单示例教程演示

    随着深入使用ASP.NET Web Api,我们可能会在项目中考虑将前端的业务分得更细.比如前端项目使用Angularjs的框架来做UI,而数据则由另一个Web Api 的网站项目来支撑.注意,这里是 ...

随机推荐

  1. 如何在MFC DLL中向C#类发送消息

    如何在MFC DLL中向C#类发送消息 一. 引言 由于Windows Message才是Windows平台的通用数据流通格式,故在跨语言传输数据时,Message是一个不错的选择,本文档将描述如何在 ...

  2. 背景JS动态网格特性

    将下面代码,粘贴到设置html首页代码即可 <script type="text/javascript"> /** * Copyright (c) 2016 hustc ...

  3. BEGIN-4_蓝桥杯_Fibonacci数列

    问题描述 Fibonacci数列的递推公式为:Fn=Fn-+Fn-,其中F1=F2=. 当n比较大时,Fn也非常大,现在我们想知道,Fn除以10007的余数是多少. 输入格式 输入包含一个整数n. 输 ...

  4. bzoj 2571: Getting Rid of the Holidays

    Description B国的国王Johnny在他在位的短短几年里制定了不少的节日(事实上没超过30个),这些节日是为了尊敬各种各样他所想到的东西而设立的.每过一段固定的时间,一个节日将会被举行(即节 ...

  5. Fix-Dell iDRAC 7 error: RAC0218: The maximum number of user sessions is reached

    Hi Everyone, We came across the following error while performing some preventative maintenance check ...

  6. java 为什么wait(),notify(),notifyAll()必须在同步方法/代码块中调用?

    在Java中,所有对象都能够被作为"监视器monitor"——指一个拥有一个独占锁,一个入口队列和一个等待队列的实体entity.所有对象的非同步方法都能够在任意时刻被任意线程调用 ...

  7. python redis启用线程池管理

    pool = redis.ConnectionPool(host=REDIS_HOST, port=REDIS_PORT,max_connections=3,password=REDIS_PASSWO ...

  8. MapReduce On YARN

    MapReduce计算框架 将计算过程分为两个阶段:Map和Reduce Map阶段并行处理输入数据: Reduce阶段对Map结果进行汇总 Shuffle连接Map和Reduce两个阶段 Map T ...

  9. 图文并茂 RAID 技术全解 – RAID0、RAID1、RAID5、RAID100

    RAID 技术相信大家都有接触过,尤其是服务器运维人员,RAID 概念很多,有时候会概念混淆.这篇文章为网络转载,写得相当不错,它对 RAID 技术的概念特征.基本原理.关键技术.各种等级和发展现状进 ...

  10. 无法打开物理文件 XXX.mdf"。操作系统错误 5:"5(拒绝访问。)"的解决办法

    附加数据库时报错: 无法打开物理文件 XXX.mdf".操作系统错误 5:"5(拒绝访问.)" 原因是数据库权限无法读取路径下的文件. 解决方案 一: 数据库使用wind ...