Search code examples
c#wcfcors

How to allow CORS request for particular domains in WCF

1.) Unable to do CORS request from client to WCF service. 2.) How to configure WCF to allow CORS request from particular domains?.

I tried to use some configuration setting like crossDomainScriptAccessEnabled customHeaders in web.config but,still it is giving CORS error.

Help me to customize access to particular requests based on their domain name or IP.

 <system.serviceModel>
<bindings>
  <webHttpBinding>
    <binding name="crossDomain" crossDomainScriptAccessEnabled="true" />
  </webHttpBinding>

</bindings>
<behaviors>

 <serviceBehaviors>
    <behavior name="ServiceBehaviour">
      <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
      <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="true"/>
    </behavior>
  </serviceBehaviors>

  <endpointBehaviors>
    <behavior name="EndPointBehaviour">
      <webHttp/>
      <enableWebScript />
    </behavior>
  </endpointBehaviors>


</behaviors>

<services>
  <service name="MyNameSpace.MyService" behaviorConfiguration="ServiceBehaviour">
   <endpoint 
      address="" behaviorConfiguration="EndPointBehaviour"
      binding="webHttpBinding"
      contract="MyNameSpace.IMyService" bindingConfiguration="crossDomain" />    
  </service>
</services>

<protocolMapping>
  <add binding="webHttpBinding" scheme="http" bindingConfiguration="crossDomain" />
  <add binding="basicHttpsBinding" scheme="https"/>
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
  </system.serviceModel>

 <system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--
    To browse web app root directory during debugging, set the value below to true.
    Set to false before deployment to avoid disclosing web app folder information.
  -->
<directoryBrowse enabled="true"/>

<httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Origin" value="*"/>
    <add name="Access-Control-Allow-Headers" value="Content-Type, Accept" />
    <add name="Access-Control-Allow-Methods" value="POST,GET,OPTIONS" />
    <add name="Access-Control-Max-Age" value="1728000" />
  </customHeaders>
</httpProtocol>

Solution

  • Try with this code in the global.asax.cs file:

    protected void Application_BeginRequest(object sender, EventArgs e)
{
    HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "http://localhost");
    if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
    {
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "POST, PUT, DELETE");

        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
        HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000");
        HttpContext.Current.Response.End();
    }
}