I have a simple actionmethod, that returns some json. It runs on ajax.example.com. I need to access this from another site someothersite.com.

If I try to call it, I get the expected...:

Origin http://someothersite.com is not allowed by Access-Control-Allow-Origin.

I know of two ways to get around this: JSONP and creating a custom HttpHandler to set the header.

Is there no simpler way?

Is it not possible for a simple action to either define a list of allowed origins - or simple allow everyone? Maybe an action filter?

Optimal would be...:

return json(mydata, JsonBehaviour.IDontCareWhoAccessesMe);
For plain ASP.NET MVC Controllers

Create a new attribute

public class AllowCrossSiteJsonAttribute : ActionFilterAttribute

{

    public override void OnActionExecuting(ActionExecutingContext filterContext)

    {

        filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");

        base.OnActionExecuting(filterContext);

    }

}

Tag your action:

[AllowCrossSiteJson]

public ActionResult YourMethod()

{

    return Json("Works better?");

}

For ASP.NET Web API

using System;

using System.Web.Http.Filters;

public class AllowCrossSiteJsonAttribute : ActionFilterAttribute

{

    public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)

    {

        if (actionExecutedContext.Response != null)

            actionExecutedContext.Response.Headers.Add("Access-Control-Allow-Origin", "*");

        base.OnActionExecuted(actionExecutedContext);

    }

}

Tag a whole API controller:

[AllowCrossSiteJson]

public class ValuesController : ApiController

{

Or individual API calls:

[AllowCrossSiteJson]

public IEnumerable<PartViewModel> Get()

{

    ...

}

If you are using IIS +, you can place a web.config file into the root of the folder with this in the system.webServer section:

<httpProtocol>

   <customHeaders>

      <clear />

      <add name="Access-Control-Allow-Origin" value="*" />

   </customHeaders>

</httpProtocol>

See: http://msdn.microsoft.com/en-us/library/ms178685.aspx And: http://enable-cors.org/#how-iis7

This is really simple , just add this in web.config

<system.webServer>

  <httpProtocol>

    <customHeaders>

      <add name="Access-Control-Allow-Origin" value="http://localhost" />

      <add name="Access-Control-Allow-Headers" value="X-AspNet-Version,X-Powered-By,Date,Server,Accept,Accept-Encoding,Accept-Language,Cache-Control,Connection,Content-Length,Content-Type,Host,Origin,Pragma,Referer,User-Agent" />

      <add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, OPTIONS" />

      <add name="Access-Control-Max-Age" value="" />

    </customHeaders>

  </httpProtocol>

</system.webServer>

In Origin put all domains that have access to your web server, in headers put all possible headers that any ajax http request can use, in methods put all methods that you allow on your server

regards :)

asp.net cors solution的更多相关文章

  1. Asp.Net 跨域,Asp.Net MVC 跨域,Session共享,CORS,Asp.Net CORS,Asp.Net MVC CORS,MVC CORS

    比如 http://www.test.com 和 http://m.test.com 一.简单粗暴的方法 Web.Config <system.web> <!--其他配置 省略……- ...

  2. 一劳永逸:域名支持通配符,ASP.NET Core中配置CORS更轻松

    ASP.NET Core 内置了对 CORS 的支持,使用很简单,只需先在 Startup 的 ConfigureServices() 中添加 CORS 策略: public void Configu ...

  3. 一劳永逸:域名支持通配符,ASP.NET Core中配置CORS

    ASP.NET Core 内置了对 CORS 的支持,使用很简单,只需先在 Startup 的 ConfigureServices() 中添加 CORS 策略: public void Configu ...

  4. Incorporating ASP.NET MVC and SQL Server Reporting Services, Part 1

    Your ASP.NET MVC application needs reports. What do you do? In this article, I will demonstrate how ...

  5. ngx-admin with Asp.net Core 2.0, possibly plus OrchardCore

    1 Download ngx-admin from https://github.com/akveo/ngx-admin 2 Create a new Web Application in vs201 ...

  6. OAuth Implementation for ASP.NET Web API using Microsoft Owin.

    http://blog.geveo.com/OAuth-Implementation-for-WebAPI2 OAuth is an open standard for token based aut ...

  7. C#.NET开源项目、机器学习、商务智能

    所以原谅我,不能把所有的都发上来,太杂了,反而不好. 1..NET时间周期处理组件 这个组件很小,主要是对时间日期,特别是处理时间间隔以及时间范围非常方便.虽然.NET自带了时间日期的部分功能,但可能 ...

  8. vs问题集

    ******将获取的所有的','换成'<br/>'********** data.Data.StandardSeating.replace(/,/g,"<br/>&q ...

  9. 支持Ajax跨域访问ASP.NET Web Api 2(Cors)的简单示例教程演示

    随着深入使用ASP.NET Web Api,我们可能会在项目中考虑将前端的业务分得更细.比如前端项目使用Angularjs的框架来做UI,而数据则由另一个Web Api 的网站项目来支撑.注意,这里是 ...

随机推荐

  1. Qt treewidget样式的自定义(转)

    这个treewidget样式真是写得让人心碎,主因是那个天杀的表头,真是块古里古怪的硬骨头,令人抓狂,一直找不到给表头设定背景图的方法,让我一度决定弃用tree. 后来表头的属性找到了,下拉条又找不到 ...

  2. 洛谷 3706 [SDOI2017]硬币游戏——思路

    题目:https://www.luogu.org/problemnew/show/P3706 题解:https://blog.csdn.net/gjghfd/article/details/80355 ...

  3. bzoj 4137 [FJOI2015]火星商店问题——线段树分治+可持久化01trie树

    题目:https://www.lydsy.com/JudgeOnline/problem.php?id=4137 关于可持久化01trie树:https://www.cnblogs.com/LadyL ...

  4. hadoop技术入门学习之发行版选择

    经常会看到这样的问题:零基础学习hadoop难不难?有的人回答说:零基础学习hadoop,没有想象的那么难,也没有想象的那么容易.看到这样的答案不免觉得有些尴尬,这个问题算是白问了,因为这个回答似乎什 ...

  5. shell 前台进程组的选择

    控制命令如ctrl+c,ctrl+d等命令是会kill到前台进程组的,这个过程和bash进程还有tty驱动有关系. 在终端执行命令,在bash进程看来都是在执行job,然后fork出子进程来执行这些j ...

  6. php的zend引擎执行过程 一

    1. Zend引擎主要包含两个核心部分:编译.执行: 执行阶段主要用到的数据结构: opcode: php代码编译产生的zend虚拟机可识别的指令,php7有173个opcode,定义在 zend_v ...

  7. 关于新建android项目时 appcompat_v7报错问题的一点总结

    说下我的解决方案: 1.确保 appcompat项目的 target版本 低于 实际项目的android版本(就像.net中 低版本的 framewrok项目不能引用高版本framework项目一样) ...

  8. skopt学习之路1-函数介绍:dummy_minimize

    def dummy_minimize(func,dimensions,n_calls=100, x0=None, y0=None, random_state=None, verbose=False, ...

  9. matlab下将图片序列转化为视频文件 && 将为视频文件转化图片序列

    将图片序列转化为视频文件 程序如下: framesPath = 'E:\img\';%图像序列所在路径,同时要保证图像大小相同 videoName = 'Bolt.avi';%表示将要创建的视频文件的 ...

  10. delphi WebBrowser的使用方法详解(五)-难点释疑

    网页代码:<SELECT id=fy onchange=TouchRefresh(1) name=fy> <OPTION selected value=15>每頁顯示15筆&l ...