Enabling Cross-Origin Requests in ASP.NET Web API

Introduction

This tutorial demonstrates CORS support in ASP.NET Web API. We’ll start by creating two ASP.NET projects – one called “WebService”, which hosts a Web API controller, and the other called “WebClient”, which calls WebService. Because the two applications are hosted at different domains, an AJAX request from WebClient to WebService is a cross-origin request.


What is “Same Origin”?

Two URLs have the same origin if they have identical schemes, hosts, and ports. (RFC 6454)

These two URLs have the same origin:

These URLs have different origins than the previous two:

Internet Explorer does not consider the port when comparing origins.

for more:  http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api

Also from Microsoft Web-API: http://www.asp.net/web-api/overview

ASP.NET Web API 2–Token Authentication for SPA

image