Hello Everyone,
 
We have created REST services using Web API and successfully deployed them on our testing servers. When we check those services using POSTER (a tool that comes as an add-on for Mozilla and is used for testing services), we get perfect output. But when we make a jQuery Ajax call, we face the error "Origin is not allowed by access-control-allow-origin + rest services". To solve this problem we were about to use JSONP, but JSONP does CSRF or XSRF attacks, because of which we have to find another alternative.
 
Here is the code which I used to call the service.
 
function GetAllAssets() {
    $.ajax({
        type: "POST",
        url: "http://xyz.com/VAMSyncServices/api/VAM/GetAllAssets",
        data: "{'logInInfo':{'UserName':'Admin','Password':'passwprd'},'astAssetIDInternal':'','lastSyncDate':'','startSyncDate':''}",
        contentType: "application/json; charset=utf-8",
        dataType: "json",
        async: false,
        success: OnGetAllAssetsSuccess,
        error: OnGetAllAssetsError
    });
}

function OnGetAllAssetsSuccess(data, status) {
    alert("data" + data);
    alert("status " + status);
}

function OnGetAllAssetsError(request, status, error) {
    alert("status " + status);
    alert(error);
}
 
We are using Windows Server 2003 and 2008. Is there anything in the server configuration which can solve this, or any other alternative? Is it a problem with the REST service code shown below?

Here is the code of one function:
 
[HttpPost]
public HttpResponseMessage GetAllSites(Models.LogInInfo logInInfo)
{
    // Log the user name only; the password is kept out of the event log.
    Models.LogWriter.WriteEventLog("UserName:" + logInInfo.UserName);
    RESTLibrary.User user;
    try
    {
        BusinessObjects.SiteQuery sq = new BusinessObjects.SiteQuery("s");
        BusinessObjects.VisibleSitesQuery vs = new BusinessObjects.VisibleSitesQuery("v");
        BusinessObjects.UserRoleQuery urq = new BusinessObjects.UserRoleQuery("r");

        // code to get the Vam On Demand Database name and set the connection property of the ES objects.

        Models.LogWriter.WriteEventLog("UserName:" + logInInfo.UserName);
        user = Models.Common.AuthenticateUser(logInInfo.UserName, logInInfo.Password);
        if (user == null)
        {
            throw new Exception("User is not authenticated.");
        }

        Int32 RoleID = user.GetUserRoleID();
        sq.Select(sq.SiteCode,
            sq.SiteDescription,
            sq.SiteIDInternal,
            sq.SiteName
            ).Where(sq.SiteID.In(vs.Select(vs.SiteID).Where(vs.RoleID.In(urq.Select(urq.RoleID).Where(urq.UserID == user.UserID)))));

        BusinessObjects.SiteCollection sites = new BusinessObjects.SiteCollection();
        sites.Load(sq);

        var siteList = from s in sites
                       select new Models.Site
                       {
                           SiteCode = s.SiteCode,
                           SiteDescription = s.SiteDescription,
                           SiteIDInternal = (Guid)s.SiteIDInternal,
                           SiteName = s.SiteName
                       };

        HttpResponseMessage message = Request.CreateResponse(HttpStatusCode.OK, siteList.ToList());
        return message;
    }
    catch (Exception ex)
    {
        // return string.Empty;
        var response = new HttpResponseMessage(HttpStatusCode.Conflict);
        response.Content = new StringContent(ex.Message);
        throw new HttpResponseException(response);
    }
}
 

This function just returns the list of sites created in the application.
 

Thanks,
Posted 4-Oct-12 19:39pm
Edited 4-Oct-12 22:00pm

1 solution


Solution 1

I was able to use the following link to resolve this issue.
 
http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api
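The following is an added example, not part of the question, the answer or the linked article. It models why the request in the question fails in a browser: a cross-origin POST with Content-Type application/json is preceded by an OPTIONS preflight, and the page may read the response only if the server returns a matching Access-Control-Allow-Origin header. The origin https://app.example.com and all function names are constructed for illustration.

```javascript
// Added illustration. Origins and function names are constructed, not from the post.
const SIMPLE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SIMPLE_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);

// Browser side: is an OPTIONS preflight sent before this cross-origin request?
// (Non-safelisted request headers also force one; not modelled here.)
function needsPreflight(method, contentType) {
  if (!SIMPLE_METHODS.has(method.toUpperCase())) return true;
  if (!contentType) return false;
  const mime = contentType.split(";")[0].trim().toLowerCase();
  return !SIMPLE_TYPES.has(mime);
}

// Server side: CORS headers for a request, from an explicit origin allowlist.
// req.headers uses lower-case names, as Node's http module provides them.
function corsHeaders(req, allowedOrigins) {
  const origin = req.headers["origin"];
  if (!origin || !allowedOrigins.has(origin)) return {}; // unknown origin: grant nothing
  const h = { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
  if (req.method === "OPTIONS" && req.headers["access-control-request-method"]) {
    h["Access-Control-Allow-Methods"] = "POST";
    h["Access-Control-Allow-Headers"] = "Content-Type";
  }
  return h;
}

// Browser side: may script running on pageOrigin read this response?
// (Requests without credentials; "*" is not accepted for credentialed ones.)
function browserAllows(pageOrigin, responseHeaders) {
  const acao = responseHeaders["Access-Control-Allow-Origin"];
  return acao === "*" || acao === pageOrigin;
}

// Constructed walk-through of the request type used in the question.
const allow = new Set(["https://app.example.com"]);
const preflight = { method: "OPTIONS", headers: {
  "origin": "https://app.example.com", "access-control-request-method": "POST" } };
console.log(needsPreflight("POST", "application/json; charset=utf-8")); // true
console.log(browserAllows("https://app.example.com", corsHeaders(preflight, allow))); // true
console.log(browserAllows("https://app.example.com", {})); // false: the error in the question
```

An explicit allowlist that echoes only known origins keeps the grant narrower than a blanket `*`, and `Vary: Origin` stops caches from serving one origin's grant to another.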

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 22 Apr 2014
Copyright © CodeProject, 1999-2014