Web Service C# ASP.NET cannot make requests

Question

I'm in a proyect where I have to fill a textbox (as if it was a select control) with data requested from a Web Service while the user is writing in the textbox.

The web service is developed in the same solution.

The problem is when I make a request from the client-side it throws me:

"Failed to load http://.../wsConsultaAfiliados.asmx: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I've searching for a while and I read that is a problem of CORS. However, I don't understand why. I'm requesting the data to the web service from the client-side which are in the same domain.

For what I searched I understand that CORS is for security reasons when you ask data from X domain to Y domain.

It's the first time I consume web service and I'm a bit lost about the scheme I should follow.

Add code

public class wsConsultaAfiliados : System.Web.Services.WebService
    {

        /// <summary>
        /// Busca una lista de Afiliados que coincidan con los parámetros de entrada. Devuele DataTable.
        /// </summary>
        /// <returns></returns>     
        [ScriptMethod(ResponseFormat = ResponseFormat.Json)]
        [WebMethod]
        public DataTable ConsultarAfiliados(string oPrefixText)
        {
            var listaAfiliados = GetAfiliados(oPrefixText);

            return listaAfiliados;
        }

        /// <summary>
        /// Devuelve un DataTable con Codigo y Nombre del afiliado.
        /// </summary>
        /// <param name="oPrefixText"></param>
        /// <returns></returns>
        public DataTable GetAfiliados(string oPrefixText)
        {
            negPrevision neg = new negPrevision();
            return neg.obtenerAfiliadosPorNombre(oPrefixText);
        }
    }

Here's the code from the web services. It ask for data to the logic layer.

The port number is considered part of the domain name, so since they're different you get the CORS error. (You just removed the most important parts of the error message) — Reinstate Monica Cellio, Aug 30 '18 at 14:03
Well... Please post your code (or at least part of it), CORS problems could be caused by a lot of things. — Joel, Aug 30 '18 at 14:03
Are you making the web service for this project, or is it used for other things? If you're making it just for this then you'd be much better making a WebApi. — Reinstate Monica Cellio, Aug 30 '18 at 14:05
It's not matter if you have two web application in the same solution: they will be two separate sites and you will need to add "Access-Control-Allow-Origin" in the response header. If you are using mvc asp.net just add RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*") for ie. — Gianluca Conte, Aug 30 '18 at 14:11
Ok. Now I know that the port influences to identity a domain. But I can't figure out the way to indicate the web service to accept the request from the client-side. — GreatNews, Aug 30 '18 at 14:32
actually technically it's the browser which decides. But the web service has to set the correct HTTP response headers in order for the browser to allow the response to be delivered. The error message is telling you the main header you need to set. Depending on circumstances you may need to set others. Read https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS and countless other websites covering this topic. Somewhere you'll hopefully find something which covers how to set the headers from an ASMX service. Why using such a legacy platform by the way? ASMX was superseded about 10 years ago — ADyson, Aug 30 '18 at 14:36

Udara Kasun · Accepted Answer · 2018-08-31T03:24:18.080

Update your web.config like this to allow every request

<system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*" />
      </customHeaders>
    </httpProtocol>
</system.webServer>

For IIS 7.5+ and Rewrite 2.0 you can use

<system.webServer>
   <httpProtocol>
     <customHeaders>
         <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
         <add name="Access-Control-Allow-Methods" value="POST,GET,OPTIONS,PUT,DELETE" />
     </customHeaders>
   </httpProtocol>
        <rewrite>            
            <outboundRules>
                <clear />                
                <rule name="AddCrossDomainHeader">
                    <match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern=".*" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="true">
                        <add input="{HTTP_ORIGIN}" pattern="(http(s)?://((.+\.)?domain1\.com|(.+\.)?domain2\.com|(.+\.)?domain3\.com))" />
                    </conditions>
                    <action type="Rewrite" value="{C:0}" />
                </rule>           
            </outboundRules>
        </rewrite>
 </system.webServer>

Thanks! It solved the problem. Let me ask you another thing. I suposse that doing that it'll be set to accept all requests. Does it make any security hole? — GreatNews, Aug 30 '18 at 15:06
This solves your problem, but from a security point of view it is not the best solution. Assumed only one site is allowed to execute CORS requests, you can restrict access by setting it in the web.config of the web service to where the client side requests are sent. `` — Bouke, Aug 30 '18 at 16:28
i updated my answer. also you can check this for more details https://stackoverflow.com/questions/17323350/access-control-allow-origin-with-multiple-domains — Udara Kasun, Aug 31 '18 at 03:26

Web Service C# ASP.NET cannot make requests

1 Answers1