Allow CORS With ASP MVC

CORS stands for Cross-Origin Resource Sharing. For most scenarios, what it does is let you use Javascript to make HTTP requests to a different domain. It is a very important security feature but is a useful thing to enable if you have the need for it. This guide will show you how to enable it for a C# ASP.NET MVC API.

To start, you will need to install a NuGet package called Microsoft.AspNet.WebApi.Cors. The functionality is not included as part of the Web.Http assembly. You will get a reference error if you do not include this package.

cors with asp nuget package
Search for CORS in the nuget window and install the package highlighted. This will give you access to the references you need.

Navigate to App_Start/WebApiConfig.cs and modify the Register method to add config.EnableCors();. You can have plenty of other information in this method too. This is the default. All you need is the cors call to have it enabled.

public static void Register(HttpConfiguration config)
{
	config.EnableCors();

	config.Routes.MapHttpRoute(
		name: "DefaultApi",
		routeTemplate: "api/{controller}/{action}/{id}",
		defaults: new { id = RouteParameter.Optional }
	);
}

Once you have added cors to the register method of the project, you need to decorate the cors enabled controllers with an attribute. Make sure to only add this to the controllers you want to enable cors for. This isn’t something you want to have enabled for everything unless you really need to. The following code will enable cors for a specific API controller with ASP.NET.

[EnableCors(origins: "http://domainyouwanttosupport.com", headers: "*", methods: "*")]
public class CorsController : ApiController
{
	//controller actions go in here
}

The code above will allow cross origin requests to a specific domain. If you want to enable it for everything, which you should only do if the controller is safe inside an internal network or something, you can replace the origin string with a *. The snippet below will enable requests for any domain.

[EnableCors(origins: "*", headers: "*", methods: "*")]

The Namespace name ‘Cors’ does not exist error

If you are getting this compiler error when trying to get this to work you more than likely failed to install the nuget package that is required. If you see the error below, install the package highlighted in the image below.

The type or namespace name ‘Cors’ does not exist in the namespace ‘System.Web.Http’ (are you missing an assembly reference?)

Related Articles

Related Questions

C# How to pass ulong argument to unit test via TestCase decorator

I have a unit test where I want to pass some arguments into the test method via the TestCase decorator. The argument I need...

Can google home turn on my smart tv?

If I purchase a Google hub and set up everything I need to use Google Home to turn my house into a smart house....

Can amazon smart plug work with google home?

I am looking to purchase some smart plugs and I see that there is an amazon branded smart plug. It is advertised to work...

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Tools

Bitrate Converter

Below you will find a bitrate converter. This tool will allow you to enter a bitrate value, in one of many different formats and...

Aesthetic Text Generator

There are various ways to make your social media profile seem more unique, some of which are not as easy to implement as others....

Aspect Ratio Calculator For Images

Aspect ratio is the ratio between the height and width of an image. If you want to resize an image by 100 pixels, you...

Add Text To Image

Use this free tool to add text to an image. Simply select the image file that you want to overlay text onto and you...

JavaScript Multi-line String Builder

Javascript did not always support multi-line strings. If you attempted to create a string variable using quotes, putting a line break into the source...

GUID Generator

GUID generation is relatively simple. It is a system that is used to generate unique values without having to keep track of the IDs...

Latest Posts

Latest Questions