Hello Everyone,

We have created REST services using Web API and successfully deployed them on our testing servers. When we check those services using POSTER (a tool that comes as an add-on in Mozilla and is used for testing services), we get perfect output. But when we do a jQuery Ajax call, we face the error "Origin is not allowed by access-control-allow-origin + rest services". To solve this problem we were about to use JSONP, but JSONP does CSRF or XSRF attacks. Because of that we have to find another alternative.

Here is the code which I used to call the service.

function GetAllAssets() {
    $.ajax({
        type: "POST",
        url: "http://xyz.com/VAMSyncServices/api/VAM/GetAllAssets",
        data: "{'logInInfo':{'UserName':'Admin','Password':'passwprd'},'astAssetIDInternal':'','lastSyncDate':'','startSyncDate':''}",
        contentType: "application/json; charset=utf-8",
        dataType: "json",
        async: false,
        success: OnGetAllAssetsSuccess,
        error: OnGetAllAssetsError
    });
}

function OnGetAllAssetsSuccess(data, status) {
    alert("data" + data);
    alert("status " + status);
}

function OnGetAllAssetsError(request, status, error) {
    alert("status " + status);
    alert(error);
}


We are using Windows Server 2003 and 2008. Is there anything in the server configuration which can solve this, or is there any other alternative? Is it a problem with the REST service code shown below?

Here is the code of one function:

   [HttpPost]
        public HttpResponseMessage GetAllSites(Models.LogInInfo logInInfo)
        {
            // Log the user name only; the password must not be written to the event log.
            Models.LogWriter.WriteEventLog("UserName:" + logInInfo.UserName);
            RESTLibrary.User user;
            try
            {
                BusinessObjects.SiteQuery sq = new BusinessObjects.SiteQuery("s");
                BusinessObjects.VisibleSitesQuery vs = new BusinessObjects.VisibleSitesQuery("v");
                BusinessObjects.UserRoleQuery urq = new BusinessObjects.UserRoleQuery("r");

                // code to get the Vam On Demand Database name and set the connection property of the ES objects.


                // User name only; no password in the log.
                Models.LogWriter.WriteEventLog("UserName:" + logInInfo.UserName);
                user = Models.Common.AuthenticateUser(logInInfo.UserName, logInInfo.Password);
                if (user == null)
                {
                    throw new Exception("User is not authenticated.");
                }

                Int32 RoleID = user.GetUserRoleID();
                sq.Select(sq.SiteCode,
                    sq.SiteDescription,
                    sq.SiteIDInternal,
                    sq.SiteName
                    ).Where(sq.SiteID.In(vs.Select(vs.SiteID).Where(vs.RoleID.In(urq.Select(urq.RoleID).Where(urq.UserID == user.UserID)))));

                BusinessObjects.SiteCollection sites = new BusinessObjects.SiteCollection();
                sites.Load(sq);

                var siteList = from s in sites
                               select new Models.Site
                               {
                                   SiteCode = s.SiteCode,
                                   SiteDescription = s.SiteDescription,
                                   SiteIDInternal = (Guid)s.SiteIDInternal,
                                   SiteName = s.SiteName
                               };

                HttpResponseMessage message = Request.CreateResponse(HttpStatusCode.OK, siteList.ToList());
                return message;
            }
            catch (Exception ex)
            {
               // return string.Empty;
                var response = new HttpResponseMessage(HttpStatusCode.Conflict);
                response.Content = new StringContent(ex.Message);
                throw new HttpResponseException(response);
            }
        }



This function just returns the list of sites created in the application.


Thanks,
Updated 4-Oct-12 21:00pm

1 solution

I was able to use the following link to resolve this issue.

http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)