c# - How to enable Cross-Origin Resource Sharing in .Net Console Application WCF Service?

Question

I have a .netframework(4.5.2) Console Application which have RESTful WCF Service.

I have a problem with using rest service from Javascript client.

When I use Postman to consume rest service, there is no problem.

When I use Javascript fetch method, there is a CORS error

from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

I tried below solution from google;

1- Adding Web.config customHeaders.

Web.config adding parameter

however, there is no web.config, i add the below code App.config

<httpProtocol>
<customHeaders>
    <add name="Access-Control-Allow-Origin" value="*"/>
    <add name="Access-Control-Allow-Headers" value="Content-Type, Accept" />
    <add name="Access-Control-Allow-Methods" value="POST,GET,OPTIONS" />
    <add name="Access-Control-Max-Age" value="1728000" />
</customHeaders>

2- Global.asax

Global.asax solution for a web project

Because of reason mentioned before, there is no Global.asax. I cant try this.

3- WCF Builder

I allowed this CrossDomain control when build wcf service. This is not workin too.

 var binding = new WebHttpBinding(WebHttpSecurityMode.None);
 binding.CrossDomainScriptAccessEnabled = true;

Thanks for the advice.

EDIT

I also create a test application on github. You can see there Postman request reach service method, but javascript request does not. It gives below error.

https://github.com/mmustafau/StackoverServiceTestnet

...has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

my javascript request is below.

 let receiptJson =   {
        "Email": "[email protected]",
        "Name": "asdasd",
        "Password": "asdasd"
    }

  const requestOptions = {
        method: 'POST',
        headers:{ 'Content-Type': 'application/json',
             },
        body: JSON.stringify (receiptJson)

    };

return  fetch("http://localhost:8070/ServiceModelSamples/service/user", requestOptions)
        .then(handleResponse)
        .then(receiptJson => {


            return receiptJson;
        });

Answer 1

There are two ways to solve cross domain problems in WCF. The first is to add a global configuration file to the WCF project.After the project is deployed to IIS, IIS will read the added global configuration file to solve cross domain problems, just like a web project.

 protected void Application_BeginRequest(object sender, EventArgs e)
        {
            HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");

            if (HttpContext.Current.Request.HttpMethod == "OPTIONS")

            {
                HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "*");

                HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "*");

                HttpContext.Current.Response.End();
            }

        }

Modify global profile to solve cross domain problems.

The second way is to make WCF support jsonp.We can enable JSONP in the configuration file.

<binding name="bind1" crossDomainScriptAccessEnabled="true">
</binding>

UPDATE

You can implement idispatchmessageinspector to add response headers before the service responds.

 public class ServerMessageLogger : IDispatchMessageInspector
    {
        public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
        {
           return null;
        }

        public void BeforeSendReply(ref Message reply, object correlationState)
        {
            WebOperationContext ctx = WebOperationContext.Current;
            ctx.OutgoingResponse.Headers.Add("Access-Control-Allow-Origin", "*");
        }
    }

For more information about IDispatchMessageInspector,Please refer to the following link:

https://docs.microsoft.com/en-us/dotnet/api/system.servicemodel.dispatcher.idispatchmessageinspector?view=netframework-4.8

CODE

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;
using System.ServiceModel.Web;
using System.Text;
using System.Threading.Tasks;
using System.Web;
using System.Xml;

namespace Demo_rest_ConsoleApp
{
    public class ServerMessageLogger : IDispatchMessageInspector
    {
        public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
        {
         
            return null;
        }

        public void BeforeSendReply(ref Message reply, object correlationState)
        {

            WebOperationContext ctx = WebOperationContext.Current;
            ctx.OutgoingResponse.Headers.Add("Access-Control-Allow-Origin", "*");
        }
    }
    public class ClientMessageLogger : IClientMessageInspector
    {
        public void AfterReceiveReply(ref Message reply, object correlationState)
        {
    
        }

        public object BeforeSendRequest(ref Message request, IClientChannel channel)
        {
            
            return null;
        }
    }
    [AttributeUsage(AttributeTargets.Interface | AttributeTargets.Class, AllowMultiple = false)]
    public class CustContractBehaviorAttribute : Attribute, IContractBehavior, IContractBehaviorAttribute
    {
        public Type TargetContract => throw new NotImplementedException();

        public void AddBindingParameters(ContractDescription contractDescription, ServiceEndpoint endpoint, BindingParameterCollection bindingParameters)
        {
            return;
        }

        public void ApplyClientBehavior(ContractDescription contractDescription, ServiceEndpoint endpoint, ClientRuntime clientRuntime)
        {
            clientRuntime.ClientMessageInspectors.Add(new ClientMessageLogger());
        }

        public void ApplyDispatchBehavior(ContractDescription contractDescription, ServiceEndpoint endpoint, DispatchRuntime dispatchRuntime)
        {
            dispatchRuntime.MessageInspectors.Add(new ServerMessageLogger());
        }

        public void Validate(ContractDescription contractDescription, ServiceEndpoint endpoint)
        {
            return;
        }
    }
}

Add behavior to service

This is my project directory

App.config

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <startup>
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />
    </startup>

    <system.serviceModel>
        <services>

            <service name="Demo_rest_ConsoleApp.Service1" behaviorConfiguration="ServiceBehavior">
                <host>
                    <baseAddresses>
                        <add baseAddress="http://localhost:8012/ServiceModelSamples/service"/>
                    </baseAddresses>
                </host>

                <endpoint address=""
                          binding="webHttpBinding"
                          contract="Demo_rest_ConsoleApp.IService1"
                          behaviorConfiguration="ESEndPointBehavior" />
            </service>
        </services>


        <behaviors>
            <endpointBehaviors>
                <behavior name="ESEndPointBehavior">
                    <webHttp helpEnabled="true"/>
                </behavior>
            </endpointBehaviors>

            <serviceBehaviors>
                <behavior name="ServiceBehavior">
                    <serviceMetadata httpGetEnabled="true"/>
                </behavior>
            </serviceBehaviors>

        </behaviors>
    
    </system.serviceModel>
    
</configuration>

dao.cs

using System;
using System.Data;
using System.Data.SqlClient;
namespace Demo_rest_ConsoleApp
{
    public class Sqlservercon
    {
        public UserData Selectuser(string username)
        {
            UserData user = new UserData();
            user.Email = "Test";
            user.Name = "Test";
            user.Password = "Test";
            return user;
        }
        public UserData Adduser(UserData userdata)
        {
            UserData user = new UserData();
            user.Email = "Test";
            user.Name = "Test";
            user.Password = "Test";
            return user;
        }
        public UserData Updateuser(UserData userdata)
        {
            UserData user = new UserData();
            user.Email = "Test";
            user.Name = "Test";
            user.Password = "Test";
            return user;
        }
        public UserData Deleteuser(UserData userdata)
        {
            UserData user = new UserData();
            user.Email = "Test";
            user.Name = "Test";
            user.Password = "Test";
            return user;
        }
    }
}

IService1.cs

using System.Runtime.CompilerServices;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.ServiceModel.Web;
using static Demo_rest_ConsoleApp.soap;

namespace Demo_rest_ConsoleApp
{
    [ServiceContract]
    [CustContractBehavior]
    public interface IService1
    {
        [OperationContract]
        [WebInvoke(Method = "GET", UriTemplate = "user/{name}",ResponseFormat = WebMessageFormat.Json)]
        Result GetUserData(string name);

        [OperationContract]
        [WebInvoke(Method = "POST", UriTemplate = "user", RequestFormat = WebMessageFormat.Json, ResponseFormat = WebMessageFormat.Json)]
        Result PostUserData(UserData user);
        [OperationContract]
        [WebInvoke(Method = "PUT", UriTemplate = "user", RequestFormat = WebMessageFormat.Json, ResponseFormat = WebMessageFormat.Json)]
        Result PutUserData(UserData user);
        [OperationContract]
        [WebInvoke(Method = "DELETE", UriTemplate = "user", RequestFormat = WebMessageFormat.Json, ResponseFormat = WebMessageFormat.Json)]
        Result DeleteUserData(UserData user);
    }
    [DataContract(Name = "user")]
    public class UserData
    {
        [DataMember(Name = "Name")]
        public string Name { get; set; }
        [DataMember(Name = "Password")]
        public string Password { get; set; }
        [DataMember(Name = "Email")]
        public string Email { get; set; }
    }
    [DataContract(Name = "Result")]
    public class Result
    {
        [DataMember(Name = "Stu")]
        public string Stu { get; set; }
        [DataMember(Name = "Code")]
        public int Code { get; set; }
        [DataMember(Name = "UserData")]
        public UserData userData { get; set; }
    }
}

Program.cs

using System;
using System.ServiceModel;
using System.ServiceModel.Description;
namespace Demo_rest_ConsoleApp
{
    class Program
    {
        
        static void Main(string[] args)
        {
           
            ServiceHost selfHost = new ServiceHost(typeof(Service1));
            selfHost.Open();
            Console.WriteLine("Service Open");
            Console.ReadKey();
            selfHost.Close();
        }
    }
}

Service1.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.ServiceModel.Activation;
using System.ServiceModel.Web;
using System.Text;
namespace Demo_rest_ConsoleApp
{
 
    public class Service1 : IService1
    {
        Sqlservercon sqlservercon = new Sqlservercon();

        public Result PostUserData(UserData user)
        {
            Result result = new Result();
            if (GetUserData(user.Name).Code == 400)
            {
                sqlservercon.Adduser(user);
                result.Code = 200;
                result.Stu = user.Name + "Success";
                result.userData = user;
                return result;
            }
            else
            {
                result.Code = 400;
                result.Stu = user.Name + "fail";
                return result;
            }
        }

        public Result DeleteUserData(UserData user)
        {
            Result result = new Result();
            if (GetUserData(user.Name).Code == 400)
            {
                result.C