JavaScript CORS used to call asmx web-services

The following example shows how to implement a server implementing an asmx web-service and a JavaScript client invoking it from a different domain. The particularity is that this cross-site invocation requires CORS (Cross-origin resource sharing), supported in IE8+ and other popular browsers.

The server (part 1)

To create the server, I create in Visual Studio an empty web application. Then I add a Search.asmx web-service, adding the following method:


public string DateTimeNow(string Where)


return DateTime.Now.ToLongTimeString() + " in " + Where;


Then to test it I easily deploy it to the Azure Website

The client

To create the client, I create in Visual Studio another empty web application. I add a reference to the jQuery NuGet package, then I add a simple html page and an App.js file.

Here the html page:

<!DOCTYPE html>

<html xmlns="">


<title>My CORS Client Page</title>

<script src="Scripts/jquery-2.1.4.js"></script>

<script src="Scripts/App.js"></script>



<input id="city" type="text" value="Basel" />

<input type="button" value="Press here" onclick="test_cors_client(false, document.getElementById('city').value);" />



The App.js file is copied here too:
function test_cors_client(simple, where)
function escapeHTML(str) {
return str.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');

var soapEnv, soapAction;
if (simple) {
soapEnv =
"<soap:Envelope xmlns:xsi=\"\" xmlns:xsd=\"\" xmlns:soap=\"\"> \
<soap:Body> \
<HelloWorldResponse xmlns=\"\"> \
<HelloWorldResult>string</HelloWorldResult> \
</HelloWorldResponse> \
</soap:Body> \
soapAction = "";
else {
soapEnv =
"<soap:Envelope xmlns:xsi=\"\" xmlns:xsd=\"\" xmlns:soap=\"\"> \
<soap:Body> \
<DateTimeNow xmlns=\"\"> \
<Where>" + escapeHTML(where) + "</Where> \
</DateTimeNow> \
</soap:Body> \
soapAction = "";

//url: "http://localhost:8118/Search.asmx",
url: "",
type: "POST",
dataType: "xml",
data: soapEnv,
complete: processResult,
contentType: "text/xml; charset=\"utf-8\"",
headers: {
"SOAPAction": soapAction
function processResult(xData, status) {
if (status != "success") {
alert("error\n\n" + xData.responseText);
alert("success\n\n" + xData.responseText);
/* var createCORSRequest = function (method, url) {
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {
// Most browsers., url, true);
} else if (typeof XDomainRequest != "undefined") {
// IE8 & IE9
xhr = new XDomainRequest();, url);
} else {
// CORS not supported.
xhr = null;
return xhr;

//var url = "http://localhost:8118/Search.asmx";
var url = '';
var method = 'POST';
var xhr = createCORSRequest(method, url);
xhr.setRequestHeader("Content-Type", "text/xml; charset=\"utf-8\"");

xhr.onload = function (e) {
// Success code goes here.
alert('success\n\n' +;

xhr.onerror = function (e) {
// Error code goes here.
alert('error\n\n' +;

xhr.setRequestHeader("SOAPAction", soapAction);

This file contains both the jQuery implementation using $.ajax, and the XmlHttpRequest + XDomainRequest produced using
Trying the example, you will see that it works when the example is run locally (with Service.asmx copied in the same client website), but not with CORS.

The server (part 2)

To enable CORS on the server, we need to add additional headers on the server, and one quick method is to modify the web.config as here below:

<?xml version="1.0" encoding="utf-8"?>


For more information on how to configure your ASP.NET application, please visit




<compilation debug="true" targetFramework="4.5" />

<httpRuntime targetFramework="4.5" />





<add name="Access-Control-Allow-Origin" value="*" />

<add name="Access-Control-Allow-Headers" value="Content-Type, SOAPAction" />





Now it will be possible to invoke the Search.asmx web-service even from another domain through CORS and here is the zip file containing the complete solution: (704.8KB).

A few links used for reference:

Add comment