1

I have been struggling with this issue for last few days and have applied almost all the solutions that I found but I couldnt get it fixed.

I have an ASP.NET MVC application, hosted in IIS7 with SSL applied. In a specific scenario, I have to make an ajax call for an action of my same website without ssl, for which I am trying to implement CORS on my site, but when I try to do the call in IE11, I get Access denied error and the call isnt even appearing in the Network tab of developers tool.

I created a totally new application, thinking that might be some existing setting is messing up but still no hope.

My C# action in new app is a simple action as:

    [HttpPost]
    public ActionResult Data()
    {
        return Content("Hello");
    }

My Index View, which is opened with https is as:

<input type="button" value="Get" onclick="getData();"/>
<script>
function getData() {
$.support.cors = true;
    $.ajax({
        url: "http://example.com/SSLTest/Home/Data",
        type: "POST",
        dataType: "json",
        success: function (e) {
            alert(e);
        },   
error: function(e) {
alert(e.statusText);
   }
    });
}
</script>

The changes that I made in my config file are as:

<system.webServer>
<handlers>
 <remove name="OPTIONSVerbHandler"/>
  <remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
  <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
  <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
  <add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
  <add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
  <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
   <add name="OPTIONSVerbHandler" path="*" verb="OPTIONS" modules="ProtocolSupportModule" requireAccess="None" responseBufferLimit="4194304" />
</handlers>
 <httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Origin" value="*" />
  <add name="Access-Control-Allow-Credentials" value="true" />
    <add name="Access-Control-Allow-Headers" value="Content-Type" />
    <add name="Access-Control-Allow-Methods" value="GET, POST, OPTIONS" />
  </customHeaders>
</httpProtocol>
</system.webServer>

In web.config for "Access-Control-Allow-Origin", instead of * I specified the origin url, like with https:// but still no hope.

Any help with this regards is highly appreciated

When I click the button, the error part of javascript get executed and there are 3 elements available in the passed parameter:

e.readyState = 0
e.status = 0
e.statusText = "Error: Access is denied.
Improve this question
3
  • Could you please add the exact error message to the question. It doesn't appear to be a CORS issue as the error would normally be complaining about lack of headers; and you appear to have set those headers correctly in the web.config.
    – Rory McCrossan
    Commented Apr 18, 2018 at 12:53
  • @RoryMcCrossan I have updated my question, thanks!
    – Waqar Hussain
    Commented Apr 18, 2018 at 12:59
  • Have you tried adding xhrFields: { withCredentials: true } in the ajax call?
    – Daan Reid
    Commented Oct 30, 2018 at 11:24
Related questions
123
IE9 jQuery AJAX with CORS returns "Access is denied"
1
Access is Denied in IE10 when using CORS to call a local URL
26
CORS request with IE11
Load 7 more related questions Show fewer related questions

0

Reset to default