How to host ASP.NET WebAPI application without enabling CORS, but allowing access by any domain?

Question

I am trying to get a new project up and running and I need it to call existing web services I have written in a different project. Eventually my project will be moved into the same webapp as the web services, so this will not be run in production this way.

I would like to allow the web services to be called from any domain. I have set the following custom headers in my web.config:

    <httpProtocol>
        <customHeaders>
            <add name="Access-Control-Allow-Origin" value="*" />
            <add name="Access-Control-Allow-Headers" value="Content-Type" />
            <add name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE,OPTIONS" />
            <add name="Access-Control-Allow-Credentials" value="true" />
        </customHeaders>
    </httpProtocol> 

This does show up in IIS Manager, but seems to have no affect on the call. I am still receiving the following error when I call the service:

"The requested resource does not support http method 'OPTIONS'."

As I have said, I only need this to work in development. My web service project is not compatible with the Microsoft CORS library and that is why I can't just enable CORS.

EDIT I am using asp.net WebAPI2 to provide REST endpoints for my applications. I just need to know how to configure them to allow any domain to access them without using CORS.

Answer 1

The one solution you can implement is to create a proxy js like a facade on your API's domain.

For example, you have a WebAPI domain api.example.com So, create a js-library (facade) that implements the logic of usage of that API. The url will be http://api.example.com/script.js

So, include that file into each project and use your API through that js-facade.