How to enable CORS in Asp.Net

CORS is a method of allowing calls from one domain to another that would otherwise be forbidden due to same origin policy. There are many ways to enable this to allow asp.net to respond to these types of request and the method below allows calls from any domain. This might not be right for every application but it’s a quick way to get started.

In the apps web.config add the following section:

  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*" />
      </customHeaders>
    </httpProtocol>

2 Comments

  • October 18, 2012 - 3:23 am | Permalink

    I’ve implemented a spec-compliant open source CORS library for ASP.NET, MVC and WebAPI:

    http://brockallen.com/2012/06/28/cors-support-in-webapi-mvc-and-iis-with-thinktecture-identitymodel/

    • October 18, 2012 - 9:37 am | Permalink

      I’ve actually looked into that library before, however the use case for my situation was incredibly simple and just required a blanket approve for all. But it’s definitely one of the libs on my must use list. Cheers

  • Leave a Reply