How to enable CORS for asp.net mvc web site?

Question

I want to enable CORS for an action in my asp.net mvc 4 web site. This is possible for web api http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api Is there a similar solution for mvc web site? I also want to be able to restrict this for origin web sites I want. Thanks

Answer 1

i think you need to create your Custom authorization Like this:

/// <summary>
/// Referrer Url Custom Authorize
/// </summary>
[AttributeUsage(AttributeTargets.Class)]
public class ReferrerUrlAuthorize : AuthorizeAttribute
{
    protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        IList<string> webSitesAllowed = new List<string>() { "http://mywebsite.com", "http://customersite.com" };
        string urlReferrer = System.Web.HttpContext.Current.Request.UrlReferrer.AbsoluteUri;

        //checking if the referrer url exists in your list of sites allowed
        if (!webSitesAllowed.Contains(urlReferrer))
            return false;  //access denied
        return true;
    }
}

and in your controller class must be set the ReferrerUrlAuthorize

   [ReferrerUrlAuthorize]
public class HomeController : Controller
{
    public ActionResult Index()
    {
        ViewBag.Title = "Home Page";

        return View();
    }
}