WebAPI - CORS RRS feed

  • Question

  • User-2051535749 posted

    I'm at a loss, I', having some issues when accessing a WebAPI that I created on my web server. I read and went through the changes for the CORS found here:


    and I'm still unable to access my WebAPI from my web page on my web server. I even did this as well: http://enable-cors.org/server_iis7.html and still no luck. Is there something I'm missing? I have the cors package in the WEBApi code as well. as well as added


     to the webapiconfig.cs file.

    what else could there be that I'm missing? my service is running on IIS 7, my web page I'm trying to connect to it with is running on IIS 7 as well

    Friday, August 14, 2015 2:10 PM

All replies

  • User1779161005 posted

    Here's an article on the Web API CORS support: https://msdn.microsoft.com/en-us/magazine/dn532203.aspx

    Friday, August 14, 2015 2:59 PM
  • User-2051535749 posted

    I was just able to get it working using Chrome, however, we're an IE shop and its not working in IE.

    I'll check out the article BrockAllen, thanks

    Friday, August 14, 2015 3:53 PM
  • User1711320758 posted

    I too am unable to get CORS working with IE 10 or 11 if we have the "Allow cross site scripting" disabled in the browser settings.  

    I have gone through this article more than once and am even using anonymous authentication on the server just the get a basic call to a web api controller working.  When enabling CORS i am using the basic three "asterisks" from the examples.

    When I look at Fiddler, I see at 404 message.  And when I turn on allow cross site scripting everything works as intended.

    Our company does use Kerberos and I am beginning to wonder if that would be causing this pain ?  

    Any thoughts on what else I could try ?


    Thursday, September 3, 2015 11:17 PM
  • User108830567 posted

    For those having the same problem,  this article can help provide some clarification about CORS and how to configure your WEB API for CORS. It does work for IE as well.  The key is to be able to configure your responses with  the Access-Control-Allow-Origin header for preflight and actual requests.  Take a look at the article for details.


    Tuesday, April 12, 2016 4:08 PM