asp.net - CORS settings for IIS 7.5

Question

Could someone please help me, convert the following code for use in the web.config in IIS 7.5 and where in the web.config file I should place each piece of code?

# Always set these headers.
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"

# Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]

Answer 1

If you are asking this to solve CORS problem, you can follow this solution below.

NOTE: Before adding all this you should consider security issues.

1. Add this to your web.config file:

   <system.webServer>
     <httpProtocol>
       <customHeaders>
         <add name="Access-Control-Allow-Origin" value="*" />
         <add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, HEAD, OPTIONS" />
         <add name="Access-Control-Allow-Credentials" value="true"/>
         <add name="Access-Control-Allow-Headers" value="X-Requested-With, origin, content-type, accept" />
       </customHeaders>
     </httpProtocol>
   </system.webServer>
   

2. If you have Content-type parameter in your ajax call or you are doing PUT request.Those are considered as PreFlight requests.Preflight requests are doing OPTION request before sending main request(PUT,DELETE etc).You can add below method to your global.asax file to pass successfully OPTION process:

   protected void Application_BeginRequest()
   {
       if (Request.Headers.AllKeys.Contains("Origin") && Request.HttpMethod == "OPTIONS")
       {
           Response.Flush();
       }
   }
   

To have more information about Preflight requests you can check here

For solution number 2 you can have detailed information from here