Resolving CORS Origin Using Custom Middle ware in ASP.Net Web API

To enable Cross-Origin Resource Sharing (CORS) in an ASP.NET Core Web API using custom middleware, you can follow these steps:

Step 1. Create a new ASP.NET Core Web API project or open your existing one.

Step 2. Install the necessary NuGet package if you haven't already. In this case, you need Microsoft.AspNetCore.Cors package.

Step 3. Create a custom middleware class to handle CORS requests. This middleware will intercept the incoming HTTP requests and add the necessary CORS headers.

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;

public class CorsMiddleware
    private readonly RequestDelegate _next;

    public CorsMiddleware(RequestDelegate next)
        _next = next;

    public async Task EnableCors(HttpContext context)
        context.Response.Headers.Add("Access-Control-Allow-Origin", "*");
        context.Response.Headers.Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, 
        Content-Type, Accept");
        context.Response.Headers.Add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, 

        if (context.Request.Method == "OPTIONS")
            context.Response.StatusCode = StatusCodes.Status200OK;

        await _next.EnableCors(context);

Step 4. Register the custom middleware in the Startup.cs file under the Configure method:

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)


Step 5. Make sure to configure the CORS settings in the ConfigureServices method of the Startup.cs file if you haven't done so already. You can customize these settings based on your requirements.

public void ConfigureServices(IServiceCollection services)

    services.AddCors(options =>
            builder =>


With these steps, your ASP.NET Core Web API should now be configured to handle Cross-Origin Resource Sharing using your custom middleware.

Please note that allowing all origins (AllowAnyOrigin()) and all methods (AllowAnyMethod()) may not be the most secure configuration for production environments. In a production setup, you might want to restrict the allowed origins and methods based on your specific use case.


By following the steps outlined above, you can successfully enable Cross-Origin Resource Sharing (CORS) in your ASP.NET Core Web API using custom middleware. The custom middleware intercepts incoming HTTP requests and adds the necessary CORS headers to allow cross-origin requests from any domain.

However, it's essential to exercise caution while configuring CORS for security reasons. Allowing any origin (AllowAnyOrigin()) and any method (AllowAnyMethod()) might not be the most secure setup for a production environment. In production, it is recommended to limit the allowed origins and methods to only those required by your client applications.

Custom middleware provides flexibility in handling CORS requests, and you can customize it further to suit your specific requirements. It allows you to implement additional logic for CORS handling or integrate with other security mechanisms if needed.

Remember to thoroughly test your CORS configuration with different client applications to ensure that the setup meets your security and functionality needs. If there are multiple endpoints with different CORS requirements, you can create multiple custom middleware classes and configure them separately for each endpoint.

Overall, CORS is an essential aspect of building web APIs that interact with client applications hosted on different domains, and with ASP.NET Core, you have the tools to configure CORS in a flexible and secure manner.

Similar Articles