MVC's WebAPI series two

Today, I want to record the WEBAPI cross-domain call

1. What is cross-domain:

The simple understanding of cross-domain issues is the limitation of the JavaScript origin policy, which is rooted in the fact that the browser gives a low level of permissions to the request, usually allowing only the resources in the domain to be called, unless the target server explicitly tells it to allow cross-domain calls.

Therefore, the cross-domain problem is due to the browser request, but it needs to be resolved on the service side, it is very simple, it is impossible to require all clients to reduce security.

And learn more about what the cross-domain:

Http://www.a.com/a.js
Http://www.a.com/b.js allowed under the same domain name

----------------------------------------------------------------------------------------------------
Http://www.a.com/lab/a.js
Http://www.a.com/script/b.js different folders under the same domain name allow

----------------------------------------------------------------------------------------------------
Http://www.a.com:8000/a.js
Http://www.a.com/b.js the same domain name, different ports are not allowed

----------------------------------------------------------------------------------------------------
Http://www.a.com/a.js
Https://www.a.com/b.js the same domain name, different protocols not allowed

----------------------------------------------------------------------------------------------------
Http://www.a.com/a.js
Http://70.32.92.74/b.js domain and domain name corresponding IP is not allowed

----------------------------------------------------------------------------------------------------
Http://www.a.com/a.js
Http://script.a.com/b.js primary domain, different subdomains are not allowed

----------------------------------------------------------------------------------------------------
Http://www.a.com/a.js
Http://a.com/b.js the same domain name, different level two domain names (IBID.) are not allowed (cookies are not allowed in this case)

----------------------------------------------------------------------------------------------------
Http://www.cnblogs.com/a.js
Http://www.a.com/b.js different domain names are not allowed

2. Call Webapi in the case of not allowing cross-domain

Knowing what is cross-domain, when we first call the Web Api, we know why the call was unsuccessful

Let me show you the following. I wrote a very simple Webapi, and published to IIS (will not publish Webapi, please Baidu, not in the scope of this article)

After publishing, you can browse to the browser in the

Then I wrote a Web program to call this WEBAPI, the code is as follows:

When called, it fails:

Use Chrome to view the following errors:

The meaning is obvious, that is, cross-domain, blocked access loading

3. Resolving cross-domain

WEBAPI has its own workaround for cross-domain, which is to modify the Web. config to implement cross-domain authorization actions.

Within the Web. config, write the following code (the accompanying drawings)

"Access-control-allow-origin"Value="*"/> <add name="access-control-allow-headers"Value="Content-type"/> <add name="Access-control-allow-methods"Value="GET, POST, PUT, DELETE, OPTIONS"/> </customHeaders> 
4. Add cross-domain authorization before calling
Once the Web. config authorization file is written, the call succeeds
MVC's WebAPI series two