Implementing CORS support in ASP.NET Web APIs

This sample shows how to enable CORS (Cross-Origin Resource Sharing) in an ASP.NET Web API project

C# (4.2 MB)
4.9 Star
10,491 times
Add to favorites
E-mail Twitter Digg Facebook
Sign in to ask a question

  • White Listing
    1 Posts | Last post September 20, 2013
    • It looks like your solution just automatically lets everyone in. Would be better if you modified it to show how you could create a whitelist of known domains that were acceptable. Like
  • Not working
    4 Posts | Last post August 04, 2013
    • Hi ,
      I already download your uploaded project and run it but it did'nt work and it return just error !! 
      what is the problem bro ?
    • +1 this question.. because it is awesome
    • I had the same problem with the project (in VS2012), the MvcApp sever returned internal server error for evry request.
      Adding the CorseHandler.cs handler and adding the proper line in Global.asax.cs (GlobalConfiguration.Configuration.MessageHandlers.Add(new CorsHandler());) worked perfectly for me.
    • What I meant to say... adding the CoreseHandler.cs TO MY MVC PROJECT worked.
      So the problem probably lies in the demo-project set-up, not the code it demonstrates.
  • Not working with Entitysetcontroller
    1 Posts | Last post May 14, 2013
    • Hi 
      I have downloaded your code and I have hosted on IIS server and call it from different browsers (Cross browser), and every time it is giving an error not calling action of controller. Is dere any thing wrong with code sample.
  • Released version of WebAPI
    1 Posts | Last post May 02, 2013
    • I can see now there is a released version of Web API.
      Do we need to follow the same process to have CORS enabled in the released version of WebAPI?
      Is there any link to help for the latest version?
  • Sorry - need to clarify question about different URLs
    1 Posts | Last post March 14, 2013
    • Working on IE 9 w/cookies:
      Not working on FF 19.0.2 with cookies:
      Not Working on FF 19.0.2 with cookies:
      Not Working on IE 9 at all, no request made:
      Sorry for the multiple posts. Any help would be oh so appreciated. I am using jQuery to make the requests - all GET requests so far.
  • Oh oh different URL's not working
    1 Posts | Last post March 14, 2013
    • I was wrong and right in my earlier question. I can get this to work from IE (cookies and all) if the origin & webapi urls are the same but differ by port. E.g. origin ( webapi ( or
      Any ideas how or if this can work?
  • Will this work with sending cookies?
    1 Posts | Last post March 14, 2013
    • First - great post!
      I got this to work with IE & FF but FF won't send cookies even though I return Access-Control-Allow-Credentials: true.
      Any thoughts about if this can work with FF (and eventually Safari & Chrome)?
  • Why not show your constants?
    1 Posts | Last post January 21, 2013
    • Not sure why you defined constants for Origin, AccessControlRequestMethod, etc... and then didn't include them in your code example.  Makes it pretty confusing for anyone trying to work from the code sample without downloading your whole project.
  • Will this work with HTTPS
    2 Posts | Last post October 16, 2012
    • Hi,
      I looked at the code sample for CORS support. Its just came to my mind.Do you think there will be any issue with HTTPS ?
      Thanks for your pointers.
    • Yes, this should work for HTTPS as well.