I have a simple actionmethod, that returns some json. It runs on ajax.example.com. I need to access this from another site someothersite.com.

If I try to call it, I get the expected...:

Origin http://someothersite.com is not allowed by Access-Control-Allow-Origin.
I know of two ways to get around this: JSONP and creating a custom HttpHandler to set the header. Is there no simpler way? Is it not possible for a simple action to either define a list of allowed origins - or simple allow everyone? Maybe an action filter? Optimal would be...: return json(mydata, JsonBehaviour.IDontCareWhoAccessesMe);
For plain ASP.NET MVC Controllers

Create a new attribute

public class AllowCrossSiteJsonAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");
base.OnActionExecuting(filterContext);
}
} Tag your action: [AllowCrossSiteJson]
public ActionResult YourMethod()
{
return Json("Works better?");
} For ASP.NET Web API using System;
using System.Web.Http.Filters; public class AllowCrossSiteJsonAttribute : ActionFilterAttribute
{
public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
{
if (actionExecutedContext.Response != null)
actionExecutedContext.Response.Headers.Add("Access-Control-Allow-Origin", "*"); base.OnActionExecuted(actionExecutedContext);
}
} Tag a whole API controller: [AllowCrossSiteJson]
public class ValuesController : ApiController
{ Or individual API calls: [AllowCrossSiteJson]
public IEnumerable<PartViewModel> Get()
{
...
} If you are using IIS +, you can place a web.config file into the root of the folder with this in the system.webServer section: <httpProtocol>
<customHeaders>
<clear />
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
See: http://msdn.microsoft.com/en-us/library/ms178685.aspx And: http://enable-cors.org/#how-iis7 This is really simple , just add this in web.config <system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="http://localhost" />
<add name="Access-Control-Allow-Headers" value="X-AspNet-Version,X-Powered-By,Date,Server,Accept,Accept-Encoding,Accept-Language,Cache-Control,Connection,Content-Length,Content-Type,Host,Origin,Pragma,Referer,User-Agent" />
<add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, OPTIONS" />
<add name="Access-Control-Max-Age" value="" />
</customHeaders>
</httpProtocol>
</system.webServer>
In Origin put all domains that have access to your web server, in headers put all possible headers that any ajax http request can use, in methods put all methods that you allow on your server regards :)

asp.net cors solution的更多相关文章

  1. Asp.Net 跨域,Asp.Net MVC 跨域,Session共享,CORS,Asp.Net CORS,Asp.Net MVC CORS,MVC CORS

    比如 http://www.test.com 和 http://m.test.com 一.简单粗暴的方法 Web.Config <system.web> <!--其他配置 省略……- ...

  2. 一劳永逸:域名支持通配符,ASP.NET Core中配置CORS更轻松

    ASP.NET Core 内置了对 CORS 的支持,使用很简单,只需先在 Startup 的 ConfigureServices() 中添加 CORS 策略: public void Configu ...

  3. 一劳永逸:域名支持通配符,ASP.NET Core中配置CORS

    ASP.NET Core 内置了对 CORS 的支持,使用很简单,只需先在 Startup 的 ConfigureServices() 中添加 CORS 策略: public void Configu ...

  4. Incorporating ASP.NET MVC and SQL Server Reporting Services, Part 1

    Your ASP.NET MVC application needs reports. What do you do? In this article, I will demonstrate how ...

  5. ngx-admin with Asp.net Core 2.0, possibly plus OrchardCore

    1 Download ngx-admin from https://github.com/akveo/ngx-admin 2 Create a new Web Application in vs201 ...

  6. OAuth Implementation for ASP.NET Web API using Microsoft Owin.

    http://blog.geveo.com/OAuth-Implementation-for-WebAPI2 OAuth is an open standard for token based aut ...

  7. C#.NET开源项目、机器学习、商务智能

    所以原谅我,不能把所有的都发上来,太杂了,反而不好. 1..NET时间周期处理组件 这个组件很小,主要是对时间日期,特别是处理时间间隔以及时间范围非常方便.虽然.NET自带了时间日期的部分功能,但可能 ...

  8. vs问题集

    ******将获取的所有的','换成'<br/>'********** data.Data.StandardSeating.replace(/,/g,"<br/>&q ...

  9. 支持Ajax跨域访问ASP.NET Web Api 2(Cors)的简单示例教程演示

    随着深入使用ASP.NET Web Api,我们可能会在项目中考虑将前端的业务分得更细.比如前端项目使用Angularjs的框架来做UI,而数据则由另一个Web Api 的网站项目来支撑.注意,这里是 ...

随机推荐

  1. R(4) read/write

    write.table() 数据导入导出最常用的方式是使用read.table()函数和write.table()处理CSV文件的导入导出,read.table()和write.table()可以处理 ...

  2. hosts,No web site is configured at this address.

    解决办法: IIS管理器->右击网站->属性->网站——>IP地址一项->选择全部未分配-> 确定关闭 问题解决.

  3. 利用springMVC包装类上传多个文件

    前端JSP页面代码片段: <!-- springMVC包装类上传文件 --><form name="uploadFiles" id="uploadFil ...

  4. git Push failed: Could not read from remote repository 解决方案

    解决的办法很简单,进入Android Studio配置界面,选择Version Control——>Git,在右边界面切换SSH下拉选项为Native,最后重新提交.如果解决你的问题,记得分享哦 ...

  5. C#下编程完成IIS网络App的权限设置

    转自:http://linwx1978.blog.163.com/blog/static/1504106920101104834271/ 以前的日志中转了不少文章,最近听说转文不是好习惯,决定普世一把 ...

  6. python给字典排序

    应用场景: 统计一篇文章中单词的出现频率,然后进行排序 利用sorted函数,返回一个已经排序好的list,但不改变原来的数据结构 In [1]: dt = {'a':3,'b':2,'c':1} I ...

  7. 显式等待大结局___封装成API方便控制层调用

    控制层 测试用例层: 控制层示例代码: #coding=utf-8from selenium.webdriver.common.by import Byfrom selenium.webdriver. ...

  8. Spring DI - 依赖注入

    1.IOC(DI) - 控制反转(依赖注入) 所谓的IOC称之为控制反转,简单来说就是将对象的创建的权利及对象的生命周期的管理过程交由Spring框架来处理,从此在开发过程中不再需要关注对象的创建和生 ...

  9. Bootstrap:百科

    ylbtech-Bootstrap:百科 Bootstrap (Web框架) Bootstrap,来自 Twitter,是目前很受欢迎的前端框架.Bootstrap 是基于 HTML.CSS.Java ...

  10. [转] oracle 数据库 SQL plus 连接方法

    http://hi.baidu.com/zzy382/item/a5b197f97a38e01ba7298832 之前电脑上安装了一个 Oracle  有一段时间没用,就把密码给忘了,按上面链接里的操 ...