I have a C# ASP.NET/MVC Web Role that is hosted on Azure. I want it to service one or more Azure hosted web sites as an API provider available via AJAX calls. Normally making AJAX requests from two different web locations violates the browser cross site security restrictions. But I'm wondering if there is a procedure or a set of steps I can take to configure my Webs Sites and Web Role that would avoid violating the browser security restrictions? The Web Sites and Web Role are all under my control and all running under the same Azure account, so perhaps there are things I can do to mitigate this restriction?
1 Answers
2
votes
Windows Azure is a magic wand for solving all the problems of Web Programming. The fact that you own all the resources, does not change the security model for WEB and its restrictions.
Fortunately we live in 21st century and technology changes with hours, not days nor years.
What can take a look at, are the following articles:
- Using CORS to access ASP.NET services across domains
- CORS Support in WebAPI, MVC and IIS using thinktecture IdentityModel
What you can do, is enable CORS support on your WebRole. You can read more on CORS here, here and here.
