Original: http://www.cnblogs.com/chenxizhang/p/3821703.html
Problem description
When cross domain calls the services written by ASP. NET MVC or the ASP. NET Web API, an inaccessible condition occurs.
How to Reproduce
1. Use the template to create the simplest ASP. NET Web API project, debug to confirm that it works
Public classTestcontroller:apicontroller {//GET api/test Publicienumerable<string>Get () {return New string[] {"value1","value2" }; } //GET API/TEST/5 Public stringGet (intID) {return "value"; } //POST api/test Public voidPost ([Frombody]stringvalue) { } //PUT API/TEST/5 Public voidPut (intID, [frombody]stringvalue) { } //DELETE API/TEST/5 Public voidDelete (intID) {}}
2. Create another project that contains only an HTML page, initiating an AJAX call
<! DOCTYPE html>"http://www.w3.org/1999/xhtml">"Scripts/jquery-1.10.2.min.js"></script> <script>$ (function () {varURL ="http://localhost:49136/api/test"; $ajax ({type:"GET", ContentType:"Application/json", Url:url, datatype:'JSON', success:function (Result) {alert (result); } }); }); </script>3. Open this page in the browser, we will find the following error (405:method not allowed)
"Remarks" in the same case, also occurs in ASP. At some point, MVC can also be used to develop services directly, with advantages and disadvantages compared to WEBAPI. The following is an example of a service developed using MVC
Public class Homecontroller:controller { // GET:/home/ Public actionresult Index () { return Json (new1 }, Jsonrequestbehavior.allowget); } }
Cause analysis
A cross-domain problem occurs only when JavaScript initiates an Ajax call, or when Silverlight initiates a service invocation, because the browser is given a lower permission for both requests, usually allowing only the resources in the domain to be called. Unless the target server explicitly tells it to allow cross-domain calls.
Therefore, the cross-domain problem is caused by the behavior of the browser, but the solution is on the server side. Because it is not possible to require all clients to reduce security.
Solution Solutions
For the two project types of ASP. NET MVC and ASP, I did some research to make sure the following scenario is feasible.
For ASP. NET MVC, just add the following in Web. config
<system.webServer>
<customHeaders>
<add name= "Access-control-allow-origin" value= "*"/>
<add name= "Access-control-allow-headers" value= "Content-type"/>
<add name= "Access-control-allow-methods" value= "GET, POST, PUT, DELETE, OPTIONS"/>
</customHeaders>
<remove name= "extensionlessurlhandler-integrated-4.0"/>
<remove name= "Optionsverbhandler"/>
<remove name= "Traceverbhandler"/>
<add name= "extensionlessurlhandler-integrated-4.0" path= "*." verb= "*" type= " System.Web.Handlers.TransferRequestHandler "precondition=" integratedmode,runtimeversionv4.0 "/>
</system.webServer>
In addition to the above settings, for the ASP. NET Web API, you need to add a special design that adds an options method to each Apicontroller, but does not need to return anything.
public string Options ()
{
return null; HTTP response with empty body
}
=========================================================================================
Here's the nonsense.
Recently wrote a small project with Webapi, based on. NET 4.0, encountered this cross-domain problem, was the pit of death, here to first thank the Bo Master
Have a problem certainly find Niang, show found with JSONP to achieve, find the following more classic article
Http://www.cnblogs.com/Kummy/p/3767269.html
Http://www.cnblogs.com/dowinning/archive/2012/04/19/json-jsonp-jquery.html
Read a lot of articles, JS and server to do some trouble configuration, and finally found a bigger pit: only support get. Immediately, tears run, I use is tall on the post.
Http://diaosbook.com/Post/2013/12/27/tips-for-aspnet-webapi-cors
In this article found can be used Microsoft.AspNet.WebApi.Cors, note: Only support more than 4.5 (secretly tears Ben)
Need to learn cors, you can see Artech series of cool, Haha, a total of 8 chapters
Http://www.cnblogs.com/artech/p/cors-4-asp-net-web-api-01.html
Others do not say, carefully read, a deeper understanding of the cross-domain
About Ajax cross-domain calls to ASP. NET MVC or WEBAPI services problems and solutions