在 mvc4 WebApi 中 json 的 跨域访问

 

问题：

SEC7120: 在 Access-Control-Allow-Origin 标头中未找到源

解决：

/// <summary>
  /// 允许CrossJson
  /// </summary>
  public class AllowCrossSiteJsonAttribute : ActionFilterAttribute
  {
      public override void OnActionExecuting(HttpActionContext actionContext)
      {
          if (actionContext == null)
          {
              throw new ArgumentNullException("actionContext");
          }

          //actionContext.Response.Headers.Add("Access-Control-Allow-Origin", "*");

 

          //HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");
          //actionContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");
          base.OnActionExecuting(actionContext);
      }

      public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
      {
          if (actionExecutedContext == null)
          {
              throw new ArgumentNullException("actionExecutedContext");
          }
          Debug.Assert(actionExecutedContext.Response != null, "actionExecutedContext.Response != null");

          Debug.Assert(actionExecutedContext.Response.Headers != null, "actionExecutedContext.Response.Headers != null");
          actionExecutedContext.Response.Headers.Add("Access-Control-Allow-Origin", "*");
          base.OnActionExecuted(actionExecutedContext);
      }
  }

 

 

要注意的是 “ActionFilterAttribute” 是  System.Web.Http.Filters 命名空间的中， 不是 Mvc中的。

 

public class UserController : ApiController
   {

[AllowCrossSiteJson]

       public UserInfo Get()
       {
           return new UserInfo
           {
               UserName = ICasAuthenticator.GetName()
           };
       }

｝

 

这样就好了，

其实Api Controller的代码路径更短了。