You've been kicked (a good thing) - Trackback from DotNetKicks.com

Huge thanks for this Ido! The sample project works perfectly and we are now using CORS in all our JSON endpoints. Goodbye jsonp hacks!

If anyone else is using this for json modify BeforeSendReply and add the header Content-Type: application/json and your browsers will be happier.

How do you handle authentication? If the endpoint requires authentication IIS sends 401 BEFORE the actual behavior kicks in...

I cannot access your skydrive link. Canyou please send the code to lalithkx@hotmail.com ?

Thanks

Thanks Ido:

I was able toaccess it from my home. I thing our company firewalls were blocking the link.

Though I was able to build it mostly on my own, it helped fix a few issues.

Hi,

i tried using the WebHttpCors in my WCF project but I get error "cannot add the behavior extension 'CorsSupport' to the service behavior named 'WcfService1.ServiceBehaviour' because the underlying behavior type does not implement the IServiceBehavior interface."

Can you please help me resolve the issue?

Great post! This solve my problem perfectly! Thanks a lot!!!

Thank you for sharing this library. I've added a couple of lines to make it work for me (I am trying to connect WCF REST service and jQuery client).

1. Added content-type = json header for OPTIONS response

2. Instead of "*" value in Access-Control-Allow-Methods header I've set "POST, PUT, GET, OPTIONS, DELETE" as acording to this manual developer.mozilla.org/.../HTTP_access_control the rule for header is:

Access-Control-Request-Headers: <field-name>[, <field-name>]*

Is it possible to use this behavior when you have a transport security on the binding of NTLM? Will the OPTIONS header have to negotiate with user credentials too? :(

If the Access-Control-Max-Age header is added to the pre-flight response then the browser will not make pre-flight requests everytime.

property.Headers.Add("Access-Control-Max-Age", "1728000");

Ido,

I tried your method. My ErrorHandler throws an null reference exception in the CustomOperationInvoker Invoke function where it finds it is a preflight invoke and returns null. Any idea what went wrong?

Huge, huge thanks for this sample. I was in desperate need of a windows service hosted WCF rest service (not IIS). It works perfectly for receiving information. However, I need to pass information to the server. I've tried adding a second method to the interface in your example:

[WebInvoke(Method = "POST", BodyStyle = WebMessageBodyStyle.WrappedRequest, ResponseFormat = WebMessageFormat.Json, RequestFormat= WebMessageFormat.Json)]

       [OperationContract]

       string Echo2(string input);

With the following implementation:

public string Echo2(string input)

       {

           return input;

       }

I'm then attempting to call it via:

$.ajax({

           type: "POST",

           url: "localhost/Echo2",

           contentType: "application/json",

           datatype: "text/json",

data: "{'input' : 'test'}",

           success: function (str) {

             alert (str);

           },

           error: function (xhr) {

               alert(xhr.responseText);

           }

       });

But I just get a server error 400. How can i make this  work? I'm hoping i'm missing something simple.

Many thanks in advance.

SOLVED!

It was merely a problem of my AJAX data syntax. I needed to swap the single and double quotes.

data: '{"input" : "test"}'

I hope this helps someone in the future.

As per my understanding, the solution described in the post would work only if authentication check is turned off on the binding. I have a WCF service hosted using windows service with basic authentication enabled using binding.

IDispatchMessageInspector seems to be invoked only after authentication is done so the code never gets invoked for pre-flight request as it just returns with 401 and does nothing after that. I can see 401 through fiddler. If I set client credentials to none on the binding it works but then I lose authentication capabilities. Did you find a way to overcome this?  

My relatives every time say that I am wasting my time

here at net, however I know I am getting know-how daily by reading such good

posts.

How do I use the factory you provided with IIS? Setup instructions?

Nike Manumitted TR Suited 3 noteworthy features is to from the additional scheme: Nike Let off 5 soles improved bending Groove; stylish tractor formation making training more focused when; lighter preponderance, the permeability is stronger, and more fashionable shoe designs not not exhort shoes [url=turbo-vac.co.uk/components_13.cfm]nike free uk[/url]

more serene wearing, barefoot training caress, but also more stylish appearance.

Nike Manumitted TR Fit 3 provides first-class lateral reliability, you can be suffering with the legs in the lap boost during training. Acrid vamp majuscule letters breathable webbing, disgrace soap up's one of a kind map can be [url=markwarren.org.uk/property-waet.cfm]air max 90 uk[/url]

seen from stem to stern it. Lightweight, ragged, piddling froth matter habituated to past merest occasional seams, more obedient, support is stronger. Need more mainstay, part of a training irritate, foam close in more parts of the shortage championing conformableness, foam loose. Throw away twice tongue moisture wicking mock materials, unshiny on your feet, help keep feet sear and comfortable. Phylite [url=hear4you.com/catalogues.cfm]air max 1 uk[/url]

midsole offers lightweight shock unchanging, famous durability and even outsole can do to greatly reduce the comprehensive dialect heft of the shoe. Qianzhang pods on the outsole and heel-shaped Green rubber enhances the shoe multi-directional drag on different surfaces.

Hello. And Bye.