I have a simple actionmethod, that returns some json. It runs on ajax.example.com. I need to access this from another site someothersite.com.

If I try to call it, I get the expected...:

Origin http://someothersite.com is not allowed by Access-Control-Allow-Origin.

I know of two ways to get around this: JSONP and creating a custom HttpHandler to set the header.

Is there no simpler way?

Is it not possible for a simple action to either define a list of allowed origins - or simple allow everyone? Maybe an action filter?

Optimal would be...:

return json(mydata, JsonBehaviour.IDontCareWhoAccessesMe);
For plain ASP.NET MVC Controllers

Create a new attribute

public class AllowCrossSiteJsonAttribute : ActionFilterAttribute

{

    public override void OnActionExecuting(ActionExecutingContext filterContext)

    {

        filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");

        base.OnActionExecuting(filterContext);

    }

}

Tag your action:

[AllowCrossSiteJson]

public ActionResult YourMethod()

{

    return Json("Works better?");

}

For ASP.NET Web API

using System;

using System.Web.Http.Filters;

public class AllowCrossSiteJsonAttribute : ActionFilterAttribute

{

    public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)

    {

        if (actionExecutedContext.Response != null)

            actionExecutedContext.Response.Headers.Add("Access-Control-Allow-Origin", "*");

        base.OnActionExecuted(actionExecutedContext);

    }

}

Tag a whole API controller:

[AllowCrossSiteJson]

public class ValuesController : ApiController

{

Or individual API calls:

[AllowCrossSiteJson]

public IEnumerable<PartViewModel> Get()

{

    ...

}

If you are using IIS +, you can place a web.config file into the root of the folder with this in the system.webServer section:

<httpProtocol>

   <customHeaders>

      <clear />

      <add name="Access-Control-Allow-Origin" value="*" />

   </customHeaders>

</httpProtocol>

See: http://msdn.microsoft.com/en-us/library/ms178685.aspx And: http://enable-cors.org/#how-iis7

This is really simple , just add this in web.config

<system.webServer>

  <httpProtocol>

    <customHeaders>

      <add name="Access-Control-Allow-Origin" value="http://localhost" />

      <add name="Access-Control-Allow-Headers" value="X-AspNet-Version,X-Powered-By,Date,Server,Accept,Accept-Encoding,Accept-Language,Cache-Control,Connection,Content-Length,Content-Type,Host,Origin,Pragma,Referer,User-Agent" />

      <add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, OPTIONS" />

      <add name="Access-Control-Max-Age" value="" />

    </customHeaders>

  </httpProtocol>

</system.webServer>

In Origin put all domains that have access to your web server, in headers put all possible headers that any ajax http request can use, in methods put all methods that you allow on your server

regards :)

asp.net cors solution的更多相关文章

  1. Asp.Net 跨域,Asp.Net MVC 跨域,Session共享,CORS,Asp.Net CORS,Asp.Net MVC CORS,MVC CORS

    比如 http://www.test.com 和 http://m.test.com 一.简单粗暴的方法 Web.Config <system.web> <!--其他配置 省略……- ...

  2. 一劳永逸:域名支持通配符,ASP.NET Core中配置CORS更轻松

    ASP.NET Core 内置了对 CORS 的支持,使用很简单,只需先在 Startup 的 ConfigureServices() 中添加 CORS 策略: public void Configu ...

  3. 一劳永逸:域名支持通配符,ASP.NET Core中配置CORS

    ASP.NET Core 内置了对 CORS 的支持,使用很简单,只需先在 Startup 的 ConfigureServices() 中添加 CORS 策略: public void Configu ...

  4. Incorporating ASP.NET MVC and SQL Server Reporting Services, Part 1

    Your ASP.NET MVC application needs reports. What do you do? In this article, I will demonstrate how ...

  5. ngx-admin with Asp.net Core 2.0, possibly plus OrchardCore

    1 Download ngx-admin from https://github.com/akveo/ngx-admin 2 Create a new Web Application in vs201 ...

  6. OAuth Implementation for ASP.NET Web API using Microsoft Owin.

    http://blog.geveo.com/OAuth-Implementation-for-WebAPI2 OAuth is an open standard for token based aut ...

  7. C#.NET开源项目、机器学习、商务智能

    所以原谅我,不能把所有的都发上来,太杂了,反而不好. 1..NET时间周期处理组件 这个组件很小,主要是对时间日期,特别是处理时间间隔以及时间范围非常方便.虽然.NET自带了时间日期的部分功能,但可能 ...

  8. vs问题集

    ******将获取的所有的','换成'<br/>'********** data.Data.StandardSeating.replace(/,/g,"<br/>&q ...

  9. 支持Ajax跨域访问ASP.NET Web Api 2(Cors)的简单示例教程演示

    随着深入使用ASP.NET Web Api,我们可能会在项目中考虑将前端的业务分得更细.比如前端项目使用Angularjs的框架来做UI,而数据则由另一个Web Api 的网站项目来支撑.注意,这里是 ...

随机推荐

  1. Java awt组件间的继承关系

    Container的继承关系: Window是可独立存在的容器,其他则不行.

  2. 深入理解ASP.NET MVC(目录)

    学ASP.NET MVC2有一段时间了,也针对性的做了个练习.感觉这个框架还是不错的,所以决定要深入系统的学习一下.看到这样一本书: 作者博客:http://blog.stevensanderson. ...

  3. gdb 调试(查看运行时数据)(五)

    查看栈信息 当程序被停住了,首先要确认的就是程序是在哪儿被断住的.这个一般是通过查看调用栈信息来看的.在gdb中,查看调用栈的命令是backtrace,可以简写为bt. (gdb) bt    #0 ...

  4. node基于express的socket.io

    前一段事件,我一个同学给他们公司用融云搭建了一套web及时通信系统,然后之前我的公司也用过环云来实现web及时通信,本人对web及时通信还是非常感兴趣的.私下读了融云和环信的开发文档,然后发现如果注册 ...

  5. Android Drawable Mipmap Vector使用及Vector兼容

    原文地址:http://blog.csdn.net/eclipsexys/article/details/51838119 http://blog.csdn.net/qq_15545283/artic ...

  6. theme为dialog的Activity如何充满全屏

     转自:http://blog.csdn.net/fzh0803/article/details/9787615 分类: android_点滴记录2013-08-06 10:33 2005人阅读 评论 ...

  7. 关于android webview 设置cookie的问题

    转自:http://blog.csdn.net/encienqi/article/details/7912733 我们在android中访问网络经常会用到Apache的HttpClient,用此类去访 ...

  8. Robot常用Library安装

    Python-Library: yum install -y mysql-devel python-devel python-setuptools pip install MySQL-python p ...

  9. Ubuntu12.10下Vsftpd的安装

    安装Vsftpd sudo apt-get install vsftpd 配置 sudo vim /etc/vsftpd.conf 取消以下两行前面的注释 local_enable=YES write ...

  10. CRM 2016 级联过滤 类比省市县

    以下以省市为例: function preFilterLookup() { //要进行过滤的lookup按钮加入addPresearch事件 Xrm.Page.getControl("shi ...