I searched a lot on Google and Stack overflow to find a solution for my problem, but nothing worked.
Here is my problem:
I use IIS 7 with a special programming environment called WebDEV that does not allow direct manipulation of
OPTIONS
HTTP method. So, all solutions suggesting some kind of server-side request handling using code are not feasible.I have to use Window authentication and disable anonymous access
I have a page that uses CORS to POST to this server. As this POST should have
Content-type: Octet-stream
, a preflight is issued by the browser.When I enable anonymous access, everything works fine (CORS is well configured)
When I disable anonymous access, the server replies with HTTP 401 unauthorized response to the preflight request, as it does not contain credentials information.
I tried to write a module for IIS that accepts OPTIONS requests like this, but it did not work (couldn't add the module correctly to IIS, maybe)
public class CORSModule : IHttpModule { public void Dispose() { } public void Init(HttpApplication context) { context.PreSendRequestHeaders += delegate { if (context.Request.HttpMethod == "OPTIONS") { var response = context.Response; response.StatusCode = (int)HttpStatusCode.OK; } }; } }
The question is: How can I make IIS respond with HTTP 200 to the preflight request without enabling anonymous access or writing some server-side code? Is there an easy configuration or a ready-made module for IIS to do so? At least, what are the detailed steps to install the above module into IIS 7?