EnableAccess-Control-Allow-OrigininIIS6&IIS7forwebapicalls

To allow your newly created webapi web service calls to be accessed from ajax post calls from another website you need to enable this setting in either IIS6 or IIS7

IIS6

Open Internet Information Service (IIS) Manager Right click the site you want to enable CORS for and go to Properties Change to the HTTP Headers tab In the Custom HTTP headers section, click Add Enter Access-Control-Allow-Origin as the header name Enter * as the header value Click Ok twice

IIS7 – Add this to your web.config

<?xml version="1.0" encoding="utf-8"?>
<configuration>
 <system.webServer>
   <httpProtocol>
     <customHeaders>
       <add name="Access-Control-Allow-Origin" value="*" />
     </customHeaders>
   </httpProtocol>
 </system.webServer>
</configuration>

转自：http://www.figers.com/Blog/2013/03/21/enable-access-control-allow-origin-in-iis6-iis7-for-webapi-calls/