6

I want to use an ajax-based component (KendoUI) to read/modify entities on an OData endpoint implemented by WCF DataServices.

The service implementation was fairly easy in the first place:

public class MyFooService : DataService<FooContext>
{
    public static void SetEntitySetAccessRules(IDataServiceConfiguration config)
    {
        config.SetEntitySetAccessRule("Foos", EntitySetRights.AllWrite);
    }
}

Now I was expecting to be able to modify entities using PUT. KendoUI provides a nice and easy configuration interface and does a good job in generating the PUT request.

We are making a cross-domain request and use CORS. So, Firefox, for example, sends a preflight OPTIONS request to the OData service before sending the PUT.

Unfortunately the service endpoint seems not to support OPTIONS out-of-the-box: The response to the OPTIONS request is "501 Not Implemented" with an empty content. At least we managed that the response has the CORS headers as follows:

<system.webServer>
  <modules runAllManagedModulesForAllRequests="true" />
  <!-- Enable cross-origin resource sharing -->
  <!-- http://enable-cors.org/#how-asp.net -->
  <httpProtocol>
    <customHeaders>
      <add name="Access-Control-Allow-Origin" value="*" />
      <add name="Access-Control-Allow-Methods" value="POST, PUT, DELETE, GET, OPTIONS" />
      <add name="Access-Control-Allow-Headers" value="content-Type, accept, origin, X-Requested-With" />
      <add name="Access-Control-Allow-Credentials" value="true" />
    </customHeaders>
  </httpProtocol>
</system.webServer>

Googling for this has turned out a bit challenging because "options" is a very popular term...

I found this article but it seems very, very complicated. I mean, OData is all about REST, I can't imagine that WCF Data Services don't provide a simple way to allowing preflight requests, or?

chiccodoro
  • 14,407
  • 19
  • 87
  • 130
  • 1
    I take it that WCF OData Service works on WCF and passes through the same WCF pipeline. If so check out the link in this [answer.](http://stackoverflow.com/questions/11597314/origin-http-localhost-is-not-allowed-by-access-control-allow-origin/11606701#11606701). IMHO its the easiest way to implement CORS in WCF. – Obaid Nov 26 '12 at 15:56
  • I know this is not exactly what you want but I think the easiest way to work with cross domain requests is just to use the IIS´ reverse proxy. In this way you go only against your own domain and the IIS is who sends your request to the other domain. Then, your code doesn´t have to know anything about other domains. – lontivero Nov 27 '12 at 01:25
  • Randomly stumbled upon this; just thought I'd link to [this](https://stackoverflow.com/questions/19808069/wcf-dataservice-odata-and-cors) and [that](https://data.uservoice.com/forums/72027-wcf-data-services-feature-suggestions/suggestions/4450449-cors-support) for additional discussion. – tne Dec 06 '13 at 12:48

1 Answers1

1

Currently WCF DataServices don't support CORS, and every solution I have seen is a hack, and works flaky at best.

I had the same problem, and I just ported my code from WCF to an Web API 2 OData solution. Web API 2 has support for CORS and it is really easy to setup.

If you are familiar with Web API, check out this link: http://msdn.microsoft.com/en-us/magazine/dn532203.aspx

And here is a tutorial on how to create an OData endpoint with Web API: http://www.asp.net/web-api/overview/odata-support-in-aspnet-web-api/odata-v3/creating-an-odata-endpoint

Malyngo
  • 863
  • 7
  • 18
  • Thank you. Though the answer is late (I solved the problem by switching to WebAPI, too :-)) - this will be a helpful answer for any future readers as far as I can tell. – chiccodoro Oct 03 '14 at 06:54