CORS setting for SOAP API for .Net

Recently, I and my team have been working with SOAP API, which we are trying to develop using ASP.Net. And we are having our client app (front-end) in Anguler. When we were trying to consume our SOAP API from our Angular app, we were getting 401 Unauthorized errors. After digging down, we found that the CORS Preflight call that precedes the cross-domain web service request is giving this 401 error.

However, when we relocate the web service to the same server as the application, the calls function flawlessly. Long story short, in the process of getting the solution, we discovered that there is not sufficient blog or article on this topic. So here I will try to describe the solution in a short form.

In the Web.config file of this web service, we have to add the following XML, which will enable the cross-domain API consumption feature. In short, it will be CORS enabled.

<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Access-Control-Allow-Origin"
           value="*" />
      <add name="Access-Control-Allow-Credentials"
           value="true" />
      <add name="Access-Control-Allow-Headers"
           value="SOAPAction, Content-Type,Authorization" />
      <add name="Access-Control-Allow-Methods"
           value="GET, POST, OPTIONS" />
    </customHeaders>
  </httpProtocol>
</system.webServer>

In the time of adding the above XML, we have to be careful to add this after </system.web> tag.

<system.web>
</system.web>

In some solutions, we found that the solution XML has been added under <system.web>, which didn't work for us.

I hope it will help you guys in your code journey. Happy Coding. :)