× {{alert.msg}} Never ask again
Get notified about new tutorials RECEIVE NEW TUTORIALS

WCF REST Service Template 40(CS) Cross domain error

Apr 07, 2015
<p>Practically speaking , i had faced this issue, i have gone one step further to check WebAPI, and same effort was required, when i analysed. So i had to fix this <code>CORS with WCF</code>. I will try to explain in short. Here we go. When you access WCF request with CrossOrigin, like from JS code existing in different domain, and from JS , you try to do <code>PUT</code> or <code>POST</code> request, 1st browser sends an <code>OPTION</code> request <code>405 HTTP Status</code>, to see if this domain is in allowed list, then if your <code>WCF</code> respond to <code>OPTIONS</code> request, sends required response with header value, then browser will again do a <code>POST</code> or <code>PUT</code> request ( which ever browser issued earlier), and it will work as expected.</p> <p>NOTE: you can not send <code>("Access-Control-Allow-Origin", "*")</code>, because, there is a security feature , that mandates required domain name to be listed in <code>Access-Control-Allow-Origin</code> instead of <code>*</code>. </p> <p>For more info -</p> <p><a href="http://social.msdn.microsoft.com/Forums/ro-RO/5613de55-2573-49ca-a389-abacb39e4f8c/wcf-rest-service-post-cross-domain-not-working?forum=wcf" rel="nofollow">http://social.msdn.microsoft.com/Forums/ro-RO/5613de55-2573-49ca-a389-abacb39e4f8c/wcf-rest-service-post-cross-domain-not-working?forum=wcf</a></p> <p><a href="http://stackoverflow.com/questions/26163802/wcf-cors-request-from-jquery-not-working">WCF CORS Request from Jquery not working</a></p> <p>From practical experience, i have tried <code>*</code> in that header, it was not working. If you don't believe me, go ahead and try .</p> <p>Finally the code is following. You need to put this in <code>Global.asax</code>.</p> <pre><code>protected void Application_BeginRequest(object sender, EventArgs e) { String domainname = HttpContext.Current.Request.Headers["Origin"].ToString(); if (IsAllowedDomain(domainname)) HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", domainname); String allowedmethods = "POST, PUT, DELETE, GET"; String headers = HttpContext.Current.Request.Headers["Access-Control-Request-Headers"].ToString(); String accesscontrolmaxage = "1728000"; String contenttypeforoptionsrequest = "application/json"; if (HttpContext.Current.Request.HttpMethod == "OPTIONS") { //These headers are handling the "pre-flight" OPTIONS call sent by the browser HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", allowedmethods); HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", headers); HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", accesscontrolmaxage); HttpContext.Current.Response.AddHeader("ContentType", contenttypeforoptionsrequest); HttpContext.Current.Response.End(); } } private bool IsAllowedDomain(String Domain) { if (string.IsNullOrEmpty(Domain)) return false; string[] alloweddomains = ""; // you can place comma separated domains here. foreach (string alloweddomain in alloweddomains) { if (Domain.ToLower() == alloweddomain.ToLower()) return true; } return false; } </code></pre> <p>This tip was originally posted on <a href="http://stackoverflow.com/questions/25889599/WCF%20REST%20Service%20Template%2040(CS)%20Cross%20domain%20error/26282069">Stack Overflow</a>.</p>
comments powered by Disqus