ASP.NET Introduction to the method of complex request cross domain setting in webapi 2


ASP.Net The cross domain setting of the core is relatively simple. For details, please refer to the official documents of Microsoft

Cross domain condition

Cross domain refers to the HTTP requests initiated by the current resource when accessing other resources. Due to security reasons (due to the same origin policy, if only one of the domain name, protocol, and port is different, it will not be the same origin), the browser restricts the normal access of these requests. In particular, it should be noted that these requests occur in the browser.


Method 1 web.config In file system.webServer Add the following configuration under the node:

<add name="Access-Control-Allow-Methods" value="OPTIONS,POST,GET"/>
<add name="Access-Control-Allow-Headers" value="x-requested-with,content-type"/>
<add name="Access-Control-Allow-Origin" value="*" />

Method 2. Nuget package reference Microsoft.AspNet.Cors , and then add features to the controller
[EnableCors(origins: “*”, headers: “*”, methods: “*”)] 

be carefulFor the above two methods, do not set them repeatedly. If they are set twice, an error of ‘access control allow origin’ header contains multiple values’ *, * ‘will be reported,.

Complex request problem

The above two methods are only effective for simple cross domain requests and cannot handle complex cross domain requests.

Simple request: the request method is get / head / post, and the content type is text / plain, application / x-www-form-urlencoded, multipart / form data.

Those that do not meet the above conditions are regarded as complex requests. In development, we often trigger this condition, mostly because the contenttype of our request is set to application / JSON.

be careful:If authentication header is set for simple request, the request will be upgraded to complex request.

Complex request will add an HTTP query request before formal communication, which is called “preflight”. The browser first asks the server whether the domain name of the current web page is in the server’s permission list, and which HTTP verbs and header information fields can be used. Only when you get a positive reply, the browser will send out a formal XMLHttpRequest request. Otherwise, an error will be reported. The HTTP method of preflight this time is options. In other words, if you send an options request before your XHR request, it means that the request you want to execute is complex.

Complex request processing

stay Global.asax File, through the application_ Beginrequest method

protected override void Application_BeginRequest(object sender, EventArgs e)
//Directly set up all cross domain access
if ( Request.Headers.AllKeys .Contains("Origin") &&  Request.HttpMethod  =="Options") // intercepts and processes options requests
Response.Headers.Add("Access-Control-Allow-Headers", "*");
Response.Headers.Add("Access-Control-Allow-Methods", "*");
base.Application_BeginRequest(sender, e);

In this way, the “cross domain support” response is made to the cross domain request of options, and then the formal request arrives at the action in the controller, and there is corresponding cross domain access processing. Then for the whole complex request, cross domain implementation is completed.

Microsoft official reference:


This is about ASP.NET This is the article about complex request cross domain setting in webapi 2, and more about it ASP.NET Webapi2 complex request cross domain setting content, please search previous articles of developer or continue to browse the following related articles, hope you can support developer more in the future!