CORS and ASP.Net Web API

Question

I am attempting to get CORS set up in an asp.net web api. My WebApiConfig.cs is:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Cors;
using System.Web.Http.Routing;

namespace WebApplication2
{
public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        config.MapHttpAttributeRoutes();
        var cors = new EnableCorsAttribute("http://localhost", "*", "*");

        config.EnableCors(cors);
        config.Routes.MapHttpRoute(
            name: "bootstrap",
            routeTemplate: "abp/{controller}"
        );
    }
}
}

I also have appended headers in my Controller, which is:

namespace WebApplication2.Controllers
{
public class BootStrapController : ApiController
{
    public void Options(string locale, string deviceType)
    {
        string origin = HttpContext.Current.Request.Headers.Get("Origin") ??                                     "";
        HttpContext.Current.Response.AppendHeader("Access-Control-Allow-Origin", origin);
        HttpContext.Current.Response.AppendHeader("Access-Control-Allow-Methods", HttpContext.Current.Request.Headers["Access-Control-Request-Methods"]);
        HttpContext.Current.Response.AppendHeader("Access-Control-Allow-Headers", HttpContext.Current.Request.Headers["Access-Control-Request-Headers"]);
        HttpContext.Current.Response.End();
    }
    public object Get(string locale, string deviceType)
    {
        string origin = HttpContext.Current.Request.Headers.Get("Origin") ?? "";
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", origin);

Yet, I do not have any access-control or any appended headers in the server response. If you need any more information let me know.

Answer 1

Please visit http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api. you will get a complete guide to implement CORS in WebAPI.

UPDATE: To implement CORS in WEBAPI please follows these steps:

1. Add the CORS NuGet package in your solution. In Visual Studio, from the Tools menu, select Library Package Manager, then select Package Manager Console. In the Package Manager Console window, type the following command:
   Install-Package Microsoft.AspNet.WebApi.Cors

2. Open the file App_Start/WebApiConfig.cs. Add the following code to the WebApiConfig.Register method.

   public static class WebApiConfig
   {
      public static void Register(HttpConfiguration config)
      {
       // New code
       config.EnableCors();    
     }
   }
   

3. Next, add the [EnableCors] attribute to the BootStrapController class:

   [EnableCors(origins: "*", headers: "*", methods: "*")]
   public class BootStrapController  : ApiController
   {
       // Controller methods 
   }
   

   origins,headers and methods may vary according to your need.