Enabling CORS with ASP.NET WEb API hosted by IIS 8.5

Question

I have problem for hosting CORS enabled ASP.NET (2.1) Web API hosted via IIS 8.5 running in 2012 R2. I have enabled CORS in my Web API configuration with the following code:

config.EnableCors(new EnableCorsAttribute("*", "*", "*"));

When running on dev machine with IIS express, angular.js client can call web api correctly. The browser first sends OPTIONS and then GET, POST, PUT or DELETE. No any problem with that.

Then I created new web site into IIS 8.5 and deployed my web api application into that. First I encounterd the problem that browser received HTTP 405 for every OPTIONS request. Ok, I enabled OPTIONSVerbHandler for my site and browser started to receive 200 OK. However it misses all the needed CORS headers. That I can overcome by manually adding custom headers into each web request.

It makes me wonder that why I need to define CORS settings in different places; web api application, handler mapping and custom headers. Or am I doing something wrong here?

Kiran Challa Kiran Challa · Accepted Answer · 2014-04-01T17:41:00

I wonder if there is an issue with your application's configuration. Try again with the following settings in your web.config file:

<system.webServer>
    <handlers>
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <remove name="OPTIONSVerbHandler" />
      <remove name="TRACEVerbHandler" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" 
           preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
  </system.webServer>

Enabling CORS with ASP.NET WEb API hosted by IIS 8.5

1 Answers