0

I have a wcf service hosted on IIS. Almost all the documents say that to enable cors, you should handle the OPTIONS VERB. (Pre-Flight Requests)

I have a method whose signatures are : 

[OperationContract]
        [FaultContract(typeof(ExceptionManager))]
        [WebInvoke(Method = "POST",
            RequestFormat = WebMessageFormat.Json,
            ResponseFormat = WebMessageFormat.Json,
            BodyStyle = WebMessageBodyStyle.WrappedRequest,
            UriTemplate = "PostLog")]
        string PostLog(List<LoginEntry> LoginLog);

I have created an attribute deriving from IServiceBehavior & hooked up this Class to my service & handled BeforeSendReply method to add Acces Control methods as : 

public void BeforeSendReply(ref System.ServiceModel.Channels.Message reply, object correlationState)
{

    var httpHeader = reply.Properties["httpResponse"] as HttpResponseMessageProperty;
    httpHeader.Headers.Add("Access-Control-Allow-Origin", "*");

    httpHeader.Headers.Add("Access-Control-Request-Method", "POST,GET,PUT,DELETE,OPTIONS");
    httpHeader.Headers.Add("Access-Control-Allow-Headers", "X-Requested-With,Content-Type");

}

This did not help me when i created a testcall in firefox. So i took it out from here & added this in Global.asax file as

protected void Application_BeginRequest(object sender, EventArgs e)
        {
                           HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache);

            HttpContext.Current.Response.Cache.SetNoStore();

            HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");

            if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
            {

                HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS");

                HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Accept");

                HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000");

                HttpContext.Current.Response.End();

            }
        }

I could see in firefox 403 Error & my headers not being present. so i went ahead & put those headers in IIS settings (Custom headers Tab). (I took the risk of sending those in each response). Now i can see those headers in response in firefox, but I am still getting 403 Error. This is the response header : 

HTTP/1.1 403 Forbidden
Connection: Keep-Alive
Content-Length: 1758
Date: Thu, 05 Mar 2015 14:47:25 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: Content-Type, Authorization, Accept

I also tried Changing to Method="*" in WebInvoke. but still could not get it to work.

Thanks in Advance..

Abdul Rehman Sayed
  • 6,532
  • 7
  • 45
  • 74

1 Answers1

1

So finally Got it to Work. This post helped me out.

enabling cross-origin resource sharing on IIS7

Turns out that the problem was in IIS 6 Site settings.

Solved it by the following steps :

In IIS, Select Site -> RightClick (Properties) ->

Under the Directory Tab Select Configuration Button.

Under the Mappings Tab. Search for Extension (.svc) Click on Edit. Search for Label "Limit Verbs To".

Previous Value was "GET,HEAD,POST,DEBUG"

Replaced It With "GET,HEAD,POST,DEBUG,OPTIONS"

Also, I removed all those headers configs from IIS (coz I was already managing them Global.asax).

Community
  • 1
  • 1
Abdul Rehman Sayed
  • 6,532
  • 7
  • 45
  • 74
  • This was a lifesaver. We still have a few classic asp pages on an IIS 6 server and I was going crazy trying to figure this out. Thank you! – EddieB Apr 06 '17 at 17:36