Post
Ask Question

How To Enable Cross Origin Request In WebAPI 2

In this blog, we are going to learn, how we can learn cross origin request in ASP.NET Web API 2. We realize that ASP.NET Web API is  independent. As of late, I ran into a requirement for calling our Web API in mobile Applications. Here, I am going to show you a basic example, where one is ASP.NET Web Application.

Background 

(Cross-origin resource Sharing) is a World Wide Web Consortium. Essentially, it is considered as some portion of HTML5. Mobile application will call XML Http Request for Http verb (GET, POST, PUT, Delete, and so forth) to the ASP.NET Web Application, utilizing API. Naturally, the cross inception request is debilitated in ASP.NET Web API. When we have to call ASP.NET Web API, it should be empowered. We will concentrate more on our ASP.NET Web API, Mobile Application. 
 
CORS is a concept that will be used like permissions to make cross-domain ajax requests. Let's understand the exact problem without cross enabling in WebApi 2.

You will find this error if WebApi 2 isn't already cross enabled. 



Reasons why this type of error will occur:
  1. Your  request differs in schemes (in other words http or https).
  2. You used different types of  port numbers.
  3. Application has different domains or sub-domains types.
Now I have learned a lot of things about cross origin. Now for the solution of how to resolve it  in webApi 2. Use this code to enable Cross origin.
  1. using System;  
  2. using System.Collections.Generic;  
  3. using System.Linq;  
  4. using System.Net.Http;  
  5. using System.Web.Http;  
  6. using Microsoft.Owin.Security.OAuth; W
  7. using Newtonsoft.Json.Serialization;  
  8. using System.Web.Http.ExceptionHandling;  
  9. using Crx.Utility;  
  10. using System.Web.Http.Cors;  
  11. using Microsoft.Practices.Unity;  
  12. using Crx.Provider.Dictionaries;  
  13. using CrxApi.ExLogger;  
  14.   
  15. namespace CrxApi  
  16. {  
  17.     public static class WebApiConfig  
  18.     {  
  19.         public static void Register(HttpConfiguration config)  
  20.         {  
  21.   
  22.             //Enable CORS for all origins,all headers,all methods,  
  23.             //We can customize this to match our requirement  
  24.             //Note://The CORS is enabled for the Web API only, not for the Token middleware Provider  
  25.             var corsAttr = new EnableCorsAttribute("*""*""*");  
  26.             config.EnableCors(corsAttr);  
  27.               
  28.   
  29.             config.Routes.MapHttpRoute(  
  30.                 name: "DefaultApi",  
  31.                 routeTemplate: "api/{controller}/{id}",  
  32.                 defaults: new { id = RouteParameter.Optional }  
  33.             );  
  34.         }  
  35.     }  
  36. }  
You can see in this code i have used 3 * Let me explain.
  • 1st * is allowed to support  any type Domain.
  • 2nd * is allowed to support any type of header.
  • 3rd * is allowed to support any type  of content type.
Instead you can use hard code value.