Click here to Skip to main content
13,044,584 members (62,170 online)
Rate this:
Please Sign up or sign in to vote.
Hello Everyone,

We have created REST services using web API and successfully deployed on our Testing Servers. When check those services using POSTER (tool comes as addon in Mozilla and used for testing services), we get perfect output. But when we do Jquery Ajax call, we
face error of " Origin is not allowed by access-control-allow-origin + rest services ". To solve this problem we were about to use JSONP but jsonP does CSRF or XSRF attacks. Because of which we have to find another alternative.

Here is my code which i used to call Service.

function GetAllAssets() {

       type: "POST",
       url: "",
       contentType: "application/json; charset=utf-8",
       dataType: "json",
       async: false,
       success: OnGetAllAssetsSuccess,
       error: OnGetAllAssetsError
function OnGetAllAssetsSuccess(data, status) {
alert("status "+status);
function OnGetAllAssetsError(request, status, error) {
alert("status "+ status);

We are using Windows server 2003 and 2008, Is there anything in server configuration which can solve this or any other alternative. Is that a problem of Rest Service Code shown below?

Here is a function code of one function:

        public HttpResponseMessage GetAllSites(Models.LogInInfo logInInfo)
            Models.LogWriter.WriteEventLog("UserName:" + logInInfo.UserName + "password:" + logInInfo.Password);
            RESTLibrary.User user;
                BusinessObjects.SiteQuery sq = new BusinessObjects.SiteQuery("s");
                BusinessObjects.VisibleSitesQuery vs = new BusinessObjects.VisibleSitesQuery("v");
                BusinessObjects.UserRoleQuery urq = new BusinessObjects.UserRoleQuery("r");
                // code to get the Vam On Demand Database name and set the connection property of the ES objects.

                Models.LogWriter.WriteEventLog("UserName:" + logInInfo.UserName + "password:" + logInInfo.Password);
                user = Models.Common.AuthenticateUser(logInInfo.UserName, logInInfo.Password);
                if (user == null)
                    throw new Exception("User is not authenticated.");
                Int32 RoleID = user.GetUserRoleID();
                    ).Where(sq.SiteID.In(vs.Select(vs.SiteID).Where(vs.RoleID.In(urq.Select(urq.RoleID).Where(urq.UserID == user.UserID)))));
                BusinessObjects.SiteCollection sites = new BusinessObjects.SiteCollection();
<pre lang="cs">sites.Load(sq);
                var siteList = from s in sites
                               select new Models.Site
                                   SiteCode = s.SiteCode,
                                   SiteDescription = s.SiteDescription,
                                   SiteIDInternal = (Guid)s.SiteIDInternal,
                                   SiteName = s.SiteName
                HttpResponseMessage message = Request.CreateResponse(HttpStatusCode.OK, siteList.ToList());
                return message;
            catch (Exception ex)
               // return string.Empty;
                var response = new HttpResponseMessage(HttpStatusCode.Conflict);
                response.Content = new StringContent(ex.Message);
                throw new HttpResponseException(response);

This function just returns list of Sites created in application.

Posted 4-Oct-12 18:39pm
Updated 4-Oct-12 21:00pm

1 solution

Rate this: bad
Please Sign up or sign in to vote.

Solution 1

I was able to use the following link to resolve this issue.[^]

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise | Privacy | Mobile
Web02 | 2.8.170713.1 | Last Updated 22 Apr 2014
Copyright © CodeProject, 1999-2017
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100