I got you!!!
You add Access-Control-Allow-Origin twice in your server (not to mention the client too)...
Once form the code:
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*")
And a second time form the config file:
<add name="Access-Control-Allow-Origin" value="*" />
Do it only once!!!