CORS and ASP.Net Web API

Question

I am attempting to get CORS set up in an asp.net web api. My WebApiConfig.cs is:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Cors;
using System.Web.Http.Routing;

namespace WebApplication2
{
public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        config.MapHttpAttributeRoutes();
        var cors = new EnableCorsAttribute("http://localhost", "*", "*");

        config.EnableCors(cors);
        config.Routes.MapHttpRoute(
            name: "bootstrap",
            routeTemplate: "abp/{controller}"
        );
    }
}
}

I also have appended headers in my Controller, which is:

namespace WebApplication2.Controllers
{
public class BootStrapController : ApiController
{
    public void Options(string locale, string deviceType)
    {
        string origin = HttpContext.Current.Request.Headers.Get("Origin") ??                                     "";
        HttpContext.Current.Response.AppendHeader("Access-Control-Allow-Origin", origin);
        HttpContext.Current.Response.AppendHeader("Access-Control-Allow-Methods", HttpContext.Current.Request.Headers["Access-Control-Request-Methods"]);
        HttpContext.Current.Response.AppendHeader("Access-Control-Allow-Headers", HttpContext.Current.Request.Headers["Access-Control-Request-Headers"]);
        HttpContext.Current.Response.End();
    }
    public object Get(string locale, string deviceType)
    {
        string origin = HttpContext.Current.Request.Headers.Get("Origin") ?? "";
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", origin);

Yet, I do not have any access-control or any appended headers in the server response. If you need any more information let me know.

Answer 1

Please visit http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api . you will get a complete guide to implement CORS in WebAPI.

UPDATE: To implement CORS in WEBAPI please follows these steps:

1. Add the CORS NuGet package in your solution. In Visual Studio, from the Tools menu, select Library Package Manager , then select Package Manager Console . In the Package Manager Console window, type the following command:
   Install-Package Microsoft.AspNet.WebApi.Cors

2. Open the file App_Start/WebApiConfig.cs . Add the following code to the WebApiConfig.Register method.

    public static class WebApiConfig { public static void Register(HttpConfiguration config) { // New code config.EnableCors(); } } 

3. Next, add the [EnableCors] attribute to the BootStrapController class:

    [EnableCors(origins: "*", headers: "*", methods: "*")] public class BootStrapController : ApiController { // Controller methods } 

   origins,headers and methods may vary according to your need.

Answer 2

The previous answer is correct, but if you want to enable CORS in all the controllers, you can do that a really easy way: in the WebApiConfig class, inside of the Register method, add the next two lines:

public static class WebApiConfig
{
   public static void Register(HttpConfiguration config)
   {
       // These next two lines enables CORS for all controllers
       var cors = new EnableCorsAttribute("*", "*", "*");
       config.EnableCors(cors);  
   }
}