As described in here: https://stackoverflow.com/questions/6290053/setting-access-control-allow-origin-in-asp-net-mvc-simplest-possible-method

You should just create an action filter and set the headers there. You can use this action filter on your action methods wherever you want. 

    public class AllowCrossSiteJsonAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            filterContext.RequestContext.HttpContext.Response.AddHeader(&quot;Access-Control-Allow-Origin&quot;, &quot;*&quot;);
            base.OnActionExecuting(filterContext);
        }
    }

If you want to add multiple domains, you can&#39;t just set the header multiple times. In your action filter you will need to check if the requesting domain is from your list of domains and then set the header.

        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            var domains = new List&lt;string&gt; {&quot;domain2.com&quot;, &quot;domain1.com&quot;};
            
            if (domains.Contains(filterContext.RequestContext.HttpContext.Request.UrlReferrer.Host))
            {
                filterContext.RequestContext.HttpContext.Response.AddHeader(&quot;Access-Control-Allow-Origin&quot;, &quot;*&quot;);
            }
            
            base.OnActionExecuting(filterContext);
        }


I used constants like `vbLf` , `vbCrLf` &amp; `vbCr` in a *MsgBox*; it produces same output in a MsgBox (Text &quot;Hai&quot; appears in a first paragraph and a word &quot;Welcome&quot; appears in a next Paragraph )


    MsgBox(&quot;Hai&quot; &amp; vbLf &amp; &quot;Welcome&quot;)
    MsgBox (&quot;Hai&quot; &amp; vbCrLf &amp; &quot;Welcome&quot;)
    MsgBox(&quot;Hai&quot; &amp; vbCr &amp; &quot;Welcome&quot;)

I know `vbLf` , `vbCrLf` &amp; `vbCr` are used for print and display functions.

I want to know the Difference between the `vbLf` , `vbCrLf` &amp; `vbCr` constants.

Differences Between vbLf, vbCrLf &amp; vbCr Constants

I&#39;m using Django 1.7. When deploying my site to a Production server and running `collectstatic`, I get following error message:
**`django.core.exceptions.ImproperlyConfigured: The STATICFILES_DIRS setting should not contain the STATIC_ROOT setting`**

I use split settings; my production `local.py` contains:

    STATIC_ROOT = &#39;/home/username/projects/site/static/&#39;

and my `base.py` contains:

    STATICFILES_DIRS = (
        os.path.join(BASE_DIR, &#39;static&#39;),
    )

Collecting staticfiles throws ImproperlyConfigured

I have a MVC project in which I have a couple of JSON controller methods I want to expose cross domain. Not the entire site, just these two methods.

I basically want to to the exact thing stated in this post for cors:

http://enable-cors.org/server_aspnet.html

However, the problem is that I have a regular MVC project and not a WEB API, meaning, that I cannot follow the steps regaring the register 

    public static void Register(HttpConfiguration config)
    {
        // New code
        config.EnableCors();
    }

method since it is not present in my MVC project.

Is there a way to use this library although it is a MVC project?

I&#39;m aware of that I can config this through web.config using:

    &lt;httpProtocol&gt;
          &lt;customHeaders&gt;
            &lt;clear /&gt;
            &lt;add name=&quot;Access-Control-Allow-Origin&quot; value=&quot;http://www.domain.com&quot; /&gt;
          &lt;/customHeaders&gt;
    &lt;/httpProtocol&gt;

But I don&#39;t want to expose all methods, and I want to specify more than one domain (2 domains) to have access to my methods...

CORS in ASP .NET MVC5

I have a MVC project in which I have a couple of JSON controller methods I want to expose cross domain. Not the entire site, just these two methods.
I basically want to to the exact thing stated in this post for cors:
<a href="http://enable-cors.org/server_aspnet.html" target="_blank" rel="noopener noreferrer">http://enable-cors.org/server_aspnet.html</a>
However, the problem is that I have a regular MVC project and not a WEB API, meaning, that I cannot follow the steps regaring the register
<pre><code class="hljs language-arduino">public static void Register(HttpConfiguration config)
{
 // New code
 config.EnableCors();
}
</code></pre>
method since it is not present in my MVC project.
Is there a way to use this library although it is a MVC project?
I'm aware of that I can config this through web.config using:
<pre><code class="hljs language-php-template">&#x3C;httpProtocol>
 &#x3C;customHeaders>
 &#x3C;clear />
 &#x3C;add name="Access-Control-Allow-Origin" value="http://www.domain.com" />
 &#x3C;/customHeaders>
&#x3C;/httpProtocol>
</code></pre>
But I don't want to expose all methods, and I want to specify more than one domain (2 domains) to have access to my methods...

I tried everything that is written in this article: http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api, but nothing works.
I&#39;m trying to get data from webAPI2 (MVC5) to use in another domain using angularJS.

my controller looks like this:

    namespace tapuzWebAPI.Controllers
    {
        [EnableCors(origins: &quot;http://local.tapuz.co.il&quot;, headers: &quot;*&quot;, methods: &quot;*&quot;, SupportsCredentials = true)]
        [RoutePrefix(&quot;api/homepage&quot;)]
        public class HomePageController : ApiController
        {
            [HttpGet]
            [Route(&quot;GetMainItems&quot;)]
            //[ResponseType(typeof(Product))]
            public List&lt;usp_MobileSelectTopSecondaryItemsByCategoryResult&gt; GetMainItems()
            {
              
    
                HomePageDALcs dal = new HomePageDALcs();
                //Three product added to display the data
    
                //HomePagePromotedItems.Value.Add(new HomePagePromotedItem.Value.FirstOrDefault((p) =&gt; p.ID == id));
    
    
                List&lt;usp_MobileSelectTopSecondaryItemsByCategoryResult&gt; items = dal.MobileSelectTopSecondaryItemsByCategory(3, 5);
                return items;
    
            }      
        }
    }



MVC web api: No &#39;Access-Control-Allow-Origin&#39; header is present on the requested resource

My understanding is currently you can self host WebAPI using Katana, and MVC will have this capability in a future version. Essentially Katana will be a hosting option available to both MVC and WebAPI.

Kestrel has entered the picture, and I see a few MS employees blogging about it demonstrating hosting ASP.NET vNext on Linux.

My understanding is that both Kestrel and Katana implement the OWIN pipeline.

From there it is all a bit fuzzy. I ask myself, why has Kestrel entered the picture, when it seems Katana could serve the same purpose if you compiled it with mono and made some efforts to make it cross platform compatible(perhaps easier said than done).

**Do Kestrel and Katana serve the same purpose?  Or is one specialized in some way that the other is not?**

Will Kestrel eventually be a viable choice for Windows deployments? Or will it be specialized for non-Windows environments and Katana still the choice for Windows?

I recognize that I&#39;m possibly asking for an apple to oranges comparison due to my lack of knowledge of Katana/Kestrel, but if the answer is &quot;Oranges have more of an acidic taste than apples&quot; then that IMO is a perfectly valid answer.

Distinction between Kestrel and Katana

The default Identity provider provided in ASP.NET 5 has very strict password rules by default, requiring a lower case character, an upper case character, a non-alphanumeric character, and a number. I am looking for a way to change the password requirements for the provider.

Previously in ASP.NET 4, the provider could be configured via the Web.config XML file, as [previously answered](https://stackoverflow.com/questions/678454/how-do-i-define-the-password-rules-for-the-asp-net-membership-provider). However ASP.NET 5 uses the new code based configuration pattern and it is unclear how to configure the identity.

How can I change the password requirements for my application?

How do I define the password rules for Identity in ASP.NET 5 MVC 6 (vNext)?

I have dropdownlist, which I have filled from database. Now I need to get the selected value in Controller do some manipulation. But not getting the idea. Code which I have tried.

Model
-----

    public class MobileViewModel 
    {          
        public List&lt;tbInsertMobile&gt; MobileList;
        public SelectList Vendor { get; set; }
    }

Controller
----------

     public ActionResult ShowAllMobileDetails()
        {
            MobileViewModel MV = new MobileViewModel();
            MV.MobileList = db.Usp_InsertUpdateDelete(null, &quot;&quot;, &quot;&quot;, null, &quot;&quot;, 4, MergeOption.AppendOnly).ToList();
            MV.Vendor = new SelectList(db.Usp_VendorList(), &quot;VendorId&quot;, &quot;VendorName&quot;);
            return View(MV);
        }

        [HttpPost]
        public ActionResult ShowAllMobileDetails(MobileViewModel MV)
        {           
            string strDDLValue = &quot;&quot;; // Here i need the dropdownlist value

            return View(MV);
        }

View
----

       &lt;table&gt;           
            &lt;tr&gt;
                &lt;td&gt;Mobile Manufacured&lt;/td&gt;
                &lt;td&gt;@Html.DropDownList(&quot;ddlVendor&quot;, Model.Vendor, &quot;Select Manufacurer&quot;) &lt;/td&gt;
            &lt;/tr&gt;         
            &lt;tr&gt;
                &lt;td&gt;

                &lt;/td&gt;
                &lt;td&gt;
                    &lt;input id=&quot;Submit1&quot; type=&quot;submit&quot; value=&quot;search&quot; /&gt;
                &lt;/td&gt;
            &lt;/tr&gt;
        &lt;/table&gt;

How to get DropDownList SelectedValue in Controller in MVC

I am testing Visual Studio 2015 with C# 6.0 but the language features are not working. In an MVC web application, the following code does compile:

    if (!string.IsNullOrWhiteSpace(Model.Profile?.TypeName))
    {
        // More logic here...
    }

However, when I run the application via Debug and IIS Express, I get the following error:

&gt; CS1525: Invalid expression term &#39;.&#39;

How do I enable these features?

C# 6.0 Features Not Working with Visual Studio 2015

I&#39;ve been reading up on `CORS` and how it works, but I&#39;m finding a lot of things confusing. For example, there are lots of details about things like 

&gt; User `Joe` is using browser `BrowserX` to get data from `site.com`,
&gt; which in turn sends a request to `spot.com`. To allow this, `spot` has
&gt; special headers... yada yada yada

Without much background, I don&#39;t understand why websites wouldn&#39;t let requests from some places. I mean, they exist to serve responses to requests, don&#39;t they? Why would certain people&#39;s of requests not be allowed?

It would really appreciate a nice explanation (or a link to one) of the problem that `CORS` is made to solve.

So the question is,

**What is the problem `CORS` is solving?**

What is the issue CORS is trying to solve?

I&#39;m developing a java script client application, in server-side I need to handle CORS, all the services I had written in JAX-RS with JERSEY.
My code:
       
    @CrossOriginResourceSharing(allowAllOrigins = true)
    @GET
    @Path(&quot;/readOthersCalendar&quot;)
    @Produces(&quot;application/json&quot;)
    public Response readOthersCalendar(String dataJson) throws Exception {  
         //my code. Edited by gimbal2 to fix formatting
         return Response.status(status).entity(jsonResponse).header(&quot;Access-Control-Allow-Origin&quot;, &quot;*&quot;).build();
    }

As of now, i&#39;m getting error No &#39;Access-Control-Allow-Origin&#39; header is present on the requested resource. Origin &#39;http://localhost:8080&#39; is therefore not allowed access.”

Please assist me with this.

Thanks &amp; Regards
Buddha Puneeth

How to handle CORS using JAX-RS with Jersey

I&#39;m trying to fetch the feed of a news website. Thought I&#39;d use google&#39;s feed API to convert the feedburner feed into json. The following url will return 10 posts from the feed, in json format. [http://ajax.googleapis.com/ajax/services/feed/load?v=1.0&amp;num=10&amp;q=http://feeds.feedburner.com/mathrubhumi][1]

I used the following code to get the contents of above url

    $.ajax({
      type: &quot;GET&quot;,
      dataType: &quot;jsonp&quot;,
      url: &quot;http://ajax.googleapis.com/ajax/services/feed/load&quot;,
      data: {
        &quot;v&quot;: &quot;1.0&quot;,
        &quot;num&quot;: &quot;10&quot;,
        &quot;q&quot;: &quot;http://feeds.feedburner.com/mathrubhumi&quot;
      },
      success: function(result) {
        //.....
      }
    });

but it&#39;s not working and I&#39;m getting the following error

&gt; XMLHttpRequest cannot load
&gt; http://ajax.googleapis.com/ajax/services/feed/load?v=1.0&amp;num=10&amp;q=http%3A%2F%2Ffeeds.feedburner.com%2Fmathrubhumi.
&gt; No &#39;Access-Control-Allow-Origin&#39; header is present on the requested
&gt; resource. Origin &#39;http://localhost&#39; is therefore not allowed access.

How do I fix this?


  [1]: http://ajax.googleapis.com/ajax/services/feed/load?v=1.0&amp;num=10&amp;q=http://feeds.feedburner.com/mathrubhumi

No &#39;Access-Control-Allow-Origin&#39; header is present on the requested resource error

I tried to follow the steps at http://enable-cors.org/server_aspnet.html
to have my RESTful API (implemented with ASP.NET WebAPI2) work with cross origin requests (CORS Enabled). It&#39;s not working unless I modify the web.config.

I installed WebApi Cors dependency:

    install-package Microsoft.AspNet.WebApi.Cors -ProjectName MyProject.Web.Api

Then in my `App_Start` I&#39;ve got the class `WebApiConfig` as follows:

    public static class WebApiConfig
    {
        public static void Register(HttpConfiguration config)
        {
            var corsAttr = new EnableCorsAttribute(&quot;*&quot;, &quot;*&quot;, &quot;*&quot;);
            config.EnableCors(corsAttr);

            var constraintsResolver = new DefaultInlineConstraintResolver();

            constraintsResolver.ConstraintMap.Add(&quot;apiVersionConstraint&quot;, typeof(ApiVersionConstraint));
            config.MapHttpAttributeRoutes(constraintsResolver); 
            config.Services.Replace(typeof(IHttpControllerSelector), new NamespaceHttpControllerSelector(config));
            //config.EnableSystemDiagnosticsTracing(); 
            config.Services.Replace(typeof(ITraceWriter), new SimpleTraceWriter(WebContainerManager.Get&lt;ILogManager&gt;())); 
            config.Services.Add(typeof(IExceptionLogger), new SimpleExceptionLogger(WebContainerManager.Get&lt;ILogManager&gt;()));
            config.Services.Replace(typeof(IExceptionHandler), new GlobalExceptionHandler()); 
        }
    }

but after that I run the application, I request a resource with Fiddler like:
http://localhost:51589/api/v1/persons
and in the response I cannot see the HTTP headers that I should see such as:

* `Access-Control-Allow-Methods: POST, PUT, DELETE, GET, OPTIONS`
* `Access-Control-Allow-Origin: *`

Am I missing some step? I have tried with the following annotation on the controller:

`[EnableCors(origins: &quot;http://example.com&quot;, headers: &quot;*&quot;, methods: &quot;*&quot;)]`

Same result, no CORS enabled.

However, if I add the following in my web.config (without even installing the AspNet.WebApi.Cors dependency) it works:

    &lt;system.webServer&gt;

    &lt;httpProtocol&gt;
      &lt;!-- THESE HEADERS ARE IMPORTANT TO WORK WITH CORS --&gt;
      &lt;!--
      &lt;customHeaders&gt;
        &lt;add name=&quot;Access-Control-Allow-Origin&quot; value=&quot;*&quot; /&gt;
        &lt;add name=&quot;Access-Control-Allow-Methods&quot; value=&quot;POST, PUT, DELETE, GET, OPTIONS&quot; /&gt;
        &lt;add name=&quot;Access-Control-Allow-Headers&quot; value=&quot;content-Type, accept, origin, X-Requested-With, Authorization, name&quot; /&gt;
        &lt;add name=&quot;Access-Control-Allow-Credentials&quot; value=&quot;true&quot; /&gt;
      &lt;/customHeaders&gt;
      --&gt;
    &lt;/httpProtocol&gt;
    &lt;handlers&gt;
      &lt;!-- THESE HANDLERS ARE IMPORTANT FOR WEB API TO WORK WITH  GET,HEAD,POST,PUT,DELETE and CORS--&gt;
      &lt;!--
      
      &lt;remove name=&quot;WebDAV&quot; /&gt;
      &lt;add name=&quot;ExtensionlessUrlHandler-Integrated-4.0&quot; path=&quot;*.&quot; verb=&quot;GET,HEAD,POST,PUT,DELETE&quot; type=&quot;System.Web.Handlers.TransferRequestHandler&quot; preCondition=&quot;integratedMode,runtimeVersionv4.0&quot; /&gt;
      &lt;remove name=&quot;ExtensionlessUrlHandler-Integrated-4.0&quot; /&gt;
      &lt;remove name=&quot;OPTIONSVerbHandler&quot; /&gt;
      &lt;remove name=&quot;TRACEVerbHandler&quot; /&gt;
      &lt;add name=&quot;ExtensionlessUrlHandler-Integrated-4.0&quot; path=&quot;*.&quot; verb=&quot;*&quot; type=&quot;System.Web.Handlers.TransferRequestHandler&quot; preCondition=&quot;integratedMode,runtimeVersionv4.0&quot; /&gt;
    --&gt;
    &lt;/handlers&gt;
      
  &lt;/system.webServer&gt;

Any help would be much appreciated!

Thank you.

Content Type	Original Author	Original Content on Stackoverflow
Question	user4309587	View Question on Stackoverflow
Solution 1 - asp.net Mvc	Vsevolod Goloviznin	View Answer on Stackoverflow

CORS in ASP .NET MVC5

asp.net Mvc Problem Overview

asp.net Mvc Solutions

Solution 1 - asp.net Mvc

Collecting staticfiles throws ImproperlyConfigured

Differences Between vbLf, vbCrLf & vbCr Constants

Attributions