Trouble getting CORS working with Web API 2

Question

I'm having a heck of a time getting Cors working with Web Api. I just created the Web Api with the default template that comes with visual studio 2015. The only changes i made are:

Install-Package Microsoft.aspnet.webapi.cors  

In WebApiConfig.cs::Register(HttpConfiguration config):

   var cors = new EnableCorsAttribute(
            origins: "*",
            headers: "*",
            methods: "*");
   config.EnableCors(cors);  

I made the POST method in the values controller async:

public async Task Post(Guid id)

I added a small amount of logic to the post method.

I'm calling the Web Api from another project in my solution:

using (var client = new HttpClient())
{
      client.DefaultRequestHeaders.Add("My-GUID",streamProvider.Guid.ToString());
      var response = await client.PostAsXmlAsync("http://localhost.fiddler:2010/api/values", myXmlString);

      if (response.StatusCode != HttpStatusCode.Created)
      {
            throw new HttpResponseException(HttpStatusCode.InternalServerError);
      }
 }

Request:

POST http://localhost:2010/api/values HTTP/1.1
TRS-GUID: 2ca71b41-9e78-4216-a013-e45c6fd6cb4c
Content-Type: application/xml; charset=utf-8
Host: localhost:2010
Content-Length: 183
Expect: 100-continue
Connection: Keep-Alive

<string xmlns="http://schemas.microsoft.com/2003/10/Serialization/">&lt;?xml version="1.0" encoding="utf-8"?&gt;
&lt;root&gt;
  &lt;MbrId&gt;22&lt;/MbrId&gt;
&lt;/root&gt;</string>

Response:

HTTP/1.1 405 Method Not Allowed
Cache-Control: no-cache
Pragma: no-cache
Allow: GET
Content-Type: application/xml; charset=utf-8
Expires: -1
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-SourceFiles: =?UTF-8?B?Qzpcc291cmNlXEFzeW5jRmlsZVVwbG9hZERlbW9cc3JjXEFwcFxhcGlcdmFsdWVz?=
X-Powered-By: ASP.NET
Date: Thu, 08 Oct 2015 14:33:08 GMT
Content-Length: 93

<Error><Message>The requested resource does not support http method 'POST'.</Message></Error>

Like i said i've made minimal changed and am running this through IIS express locally. I've been googling around and trying a few things but nothing seems to work. I tried adding the cors options as attributes but it resulted in the same thing. I also seen one post suggesting '*' wasn't in the original spec so i tried by using the methods specfically (POST, PUT, GET) but that didn't work either.

Edit:
Does this have anything to do with the 'preflight' request? I only notice the POST request in fiddler. I don't see it sending an 'options' request across. If this is the issue shouldn't httpclient handle this automatically?

Answer
Thanks goes out to Darrel for the answer. As you can tell the error message coming back was really misleading and definitely sounded like a CORS problem but it wasn't. I never realized CORS was only for the browser. Like Darrell said it was a routing problem. I put a Guid as a POST parameter which caused no route to be matched. To bad the error message coming back couldn't be a little more useful.

Answer 1

There are no cross-origin restrictions for HttpClient. It is purely a web browser constraint. You do not need to implement CORS for HttpClient requests.

Try making the POST request via fiddler and see if that works. I suspect you may just have a routing problem.