Skip to content

CORS support for IIS, ASP.NET MVC and ASP.NET WebAPI

Jump to bottom Edit New page
brockallen edited this page Oct 19, 2012 · 2 revisions

The open source Thinktecture.IdentityModel security library contains a full-featured CORS implementation. Many other sample implementations only emit the Access-Control-Allow-Origin header, but there’s more to it than that. The implementation in Thinktecture.IdentityModel follows the W3C Working Draft 3 from April 2012. There is a rich configuration API to control the various settings that are involved with CORS. These settings include which resource you want to configure, which origins are allowed, which HTTP methods are allowed, which request and/or response headers are allowed and if are cookies allowed. There is support for the three main Microsoft web programming models: IIS, ASP.NET MVC and ASP.NET WebAPI.

Here is the announcement page with some samples.

Here is the source for .NET 4.5 and for .NET 4.0. Both are packaged into a Nuget package downloadable from Visual Studio.

Add a custom footer
Add a custom sidebar
Clone this wiki locally