var cookie = new CookieHeaderValue("access_token", token); cooki

1. var cookie = new CookieHeaderValue("access_token", token);
2. cookie.Expires = DateTimeOffset.Now.AddDays(1);
3. cookie.Domain = Request.RequestUri.Host;
4. cookie.Path = "/";
5. //cookie.Secure = false;
6. //cookie.HttpOnly = false;
7.  
8. response.Headers.AddCookies(new CookieHeaderValue[] { cookie });
9.  
10. <httpProtocol>
11. <customHeaders>
12. <add name="Access-Control-Allow-Headers" value="Content-Type, *" />
13. <add name="Access-Control-Allow-Methods" value="POST,GET,OPTIONS,PUT,DELETE" />
14. <add name="Access-Control-Allow-Origin" value="*" />
15. <add name="Access-Control-Allow-Credentials" value="true" />
16. </customHeaders>
17. </httpProtocol>
18.  
19. var xhr = new XMLHttpRequest();
20. var data = { UserName: "user", Password: "password" };
21.  
22. xhr.open("POST", "TheURL", true);
23. xhr.setRequestHeader("Content-type", "application/json");
24. xhr.withCredentials = true;
25. xhr.onreadystatechange = function () {
26. if (xhr.readyState === 4) {
27. if (xhr.status === 200) {
28. //Success
29. }
30. else {
31. //Failure
32. }
33. }
34. }
35. xhr.send(JSON.stringify(data));
36. }
37.  
38. var xhr = new XMLHttpRequest();
39.  
40. xhr.open("GET", "TheURL", true);
41. xhr.setRequestHeader("Content-type", "application/json");
42. xhr.withCredentials = true;
43. xhr.onreadystatechange = function () {
44. if (xhr.readyState == 4) {
45. //Do stuff with the data
46. }
47. else {
48. //Deal with the error
49. }
50. }
51.  
52. xhr.send(); //No Cookie is sent.