<httpProtocol> <customHeaders> <!-- <add name="Access-Control-Allow-Origin

1. <httpProtocol>
2. <customHeaders>
3. <!-- <add name="Access-Control-Allow-Origin" value="*" /> -->
4. <add name="Access-Control-Allow-Headers" value="X-AspNet-Version,X-Powered-By,Date,Server,Accept,Accept-Encoding,Accept-Language,Cache-Control,Connection,Content-Length,Content-Type,Host,Origin,Pragma,Referer,User-Agent" />
5. <add name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE,OPTIONS" />
6. <add name="Access-Control-Allow-Credentials" value="true" />
7. </customHeaders>
8. </httpProtocol>
9.  
10. public override void OnActionExecuted(System.Web.Http.Filters.HttpActionExecutedContext context)
11. {
12. if (context.Exception != null) // hndle exception your self
13. {
14. Debug.WriteLineIf(PassPlayEnvironment.AuthenitcationSwitch.TraceInfo,
15. string.Format("{0}: OnActionExecuted exception: {1}", Thread.CurrentThread.ManagedThreadId, context.Exception.Message));
16.  
17. // handle/format exception
18. context.Response = HandleException(context.Exception, context.ActionContext.ActionArguments);
19. }
20. else
21. {
22. Debug.WriteLineIf(PassPlayEnvironment.AuthenitcationSwitch.TraceInfo,
23. string.Format("{0}: OnActionExecuted: {1} Time: {2}", Thread.CurrentThread.ManagedThreadId,context.Response.StatusCode, this.auditData.ElapsedTime));
24.  
25. // log what happened
26. auditData.WriteLog();
27.  
28. if (context.Request.Headers.Referrer != null)
29. {
30. string corsValue = context.Request.Headers.Referrer.GetLeftPart(UriPartial.Authority);
31. context.Response.Headers.Remove("Access-Control-Allow-Origin");
32. context.Response.Headers.Add("Access-Control-Allow-Origin", corsValue);
33. }
34. // return data
35. base.OnActionExecuted(context);
36. }
37. }
38.  
39. var xmlhttp = new XMLHttpRequest();
40. xmlhttp.withCredentials = true;
41. xmlhttp.open("GET", “ntlm_xxxxyyy.uuu/login”, true);
42. xmlhttp.send();
43. xmlhttp.onreadystatechange = function () {}