Click here to Skip to main content
15,798,151 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
Please show me an example of self hosted WCF service in which CORS(Cross origin resource sharing) is enabled. The WCF can be hosted in a console application.
Sergey Alexandrovich Kryukov 4-Dec-15 0:54am    
I don't think it can possibly make any sense. Web components have such feature as protection from cross-domain requests "same-origin security policy". And CORS provides a safe work-around mechanism based on some standards. But self-hosted service is something totally custom, it does not have to obey any policy. You cannot develop workaround solution for the problem which does not even exist.

By the way, the adequate form of a WCF service on Windows would be a Windows Service.

Vasudevan B 4-Dec-15 1:47am    
Hello SA,

Thank you for your comments. Let me elaborate the problem that I am facing now:
I have a Windows Forms Application which does some calculation (It receives some data from an interface and process it) and I have a web application in which I need the processed information from the Forms Application. So my plan was to create a WCF service as a self hosted service in forms application and to access it from the browser. But I tried few sample codes and none of them worked. Could you please provide me a solution how to overcome this.
Sergey Alexandrovich Kryukov 4-Dec-15 2:06am    
Okay, very good. I see no place for CORS. And it's not just "comments"; I provided complete answer for you. Your phrasing suggests that you did not noticed that. Did you?

Any more concerns? If not, please accept it formally. If you have some concerns, you can always ask further questions.


1 solution

Please see my comment to the question.

I got an impression that you have a big confusion, and, in particular, you don't know yourself what cross-domain activity you want to have. Please forgive me if I'm wrong about it, because of some kind of misunderstanding of your question, but than you will have to clarify it.

In all cases, I think you need to get clearer understanding of things. You can learn about same-origin policy, CORS and Web security model in general:[^],[^].

Here, I can only speculate on what you want to achieve, but let's make some initial logical steps. You can read that
This policy prevents a malicious script on one page from obtaining access to sensitive data on another web page through that page's Document Object Model.
Where are those "scripts" and "pages"? Maybe, there is no such thing. But even if you want to have something like that, what "cross-domain" may possibly mean? It may mean that some client sends some request to your custom WCF service. Part of this request could be some URI pointing to some Internet resource placed outside of the domain of your service; and the request implies that your service should deliver this resource on behalf of your client. Even if it is so, how your service, being custom, can be restricted from doing that? In relation to the foreign-domain service, your service is no different from any other client. You can retrieve any accessible resource based on one of the standard protocols using the class System.Net.WebRequest (a concrete class will be determined by the URI, please see WebRequest.Create static methods). That's all.

If you want to reproduce all the Web-specific security policies and then follow the standards related to CORS, you can do it, but it's hard to imagine the reason why would you do it. If I'm missing something, please explain it.

Share this answer
jsoldi 2-Dec-19 20:07pm    
Unfortunately, this is one of the first results when you google "self-hosted WCF enable CORS" and the responder here completely misunderstood the question and still wrote a condescending and wasteful response. The WCF the OP is referring to is a service hosted in a WebHttpBinding or similar. They want to access the service using JavaScript, but the browser will refuse to access it if the service is on a domain different than the one in which the script is running, so they want to enable CORS to prevent this. An actual solution seems to be this:

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900