解决方法一：

public class CrosHandler : DelegatingHandler
    {
        private const string Origin = "Origin";
        private const string AccessControlRequestMethod = "Access-Control-Request-Method";
        private const string AccessControlRequestHeaders = "Access-Control-Request-Headers";
        private const string AccessControlAllowOrign = "Access-Control-Allow-Origin";
        private const string AccessControlAllowMethods = "Access-Control-Allow-Methods";
        private const string AccessControlAllowHeaders = "Access-Control-Allow-Headers";
        private const string AccessControlAllowCredentials = "Access-Control-Allow-Credentials";

        /// <summary>
        /// 异步发送 HTTP 请求到要发送到服务器的内部处理程序
        /// </summary>
        /// <param name="request"></param>
        /// <param name="cancellationToken"></param>
        /// <returns></returns>
        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            bool isCrosRequest = request.Headers.Contains(Origin);
            //是否预请求
            bool isPrefilightRequest = request.Method == HttpMethod.Options;
            if (isCrosRequest)
            {
                Task<HttpResponseMessage> taskResult = null;
                if (isPrefilightRequest)
                {
                    taskResult = Task.Factory.StartNew<HttpResponseMessage>(() =>
                    {
                        HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.Accepted);
                        response.Headers.Add(AccessControlAllowOrign, request.Headers.GetValues(Origin).FirstOrDefault());

                        string method = request.Headers.GetValues(AccessControlRequestMethod).FirstOrDefault();
                        if (!string.IsNullOrEmpty(method))
                        {
                            response.Headers.Add(AccessControlAllowMethods, method);
                        }

                        string headers = string.Join(", ", request.Headers.GetValues(AccessControlRequestHeaders));
                        if (!string.IsNullOrEmpty(headers))
                        {
                            response.Headers.Add(AccessControlAllowHeaders, headers);
                        }

                        response.Headers.Add(AccessControlAllowCredentials, "true");
                        return response;
                    }, cancellationToken);
                }
                else
                {
                    taskResult = base.SendAsync(request, cancellationToken).ContinueWith<HttpResponseMessage>(t =>
                    {
                        var response = t.Result;
                        response.Headers.Add(AccessControlAllowOrign, request.Headers.GetValues(Origin).FirstOrDefault());
                        response.Headers.Add(AccessControlAllowCredentials, "true");
                        return response;
                    }, cancellationToken);
                }
                return taskResult;
            }
            return base.SendAsync(request, cancellationToken);
        }
    }

调用：

调用方式：在Global.asax文件的Application_Start方法添加GlobalConfiguration.Configuration.MessageHandlers.Add(new CrosHandler());或者在WebApiConfig.cs下面添加：config.MessageHandlers.Add(new CrosHandler());

解决方法二：

在Web.config下的<system.webServer>节点之间添加一下代码：

<httpProtocol>
          <customHeaders>
            <add name="Access-Control-Allow-Origin" value="*" />
            <add name="Access-Control-Allow-Headers" value="Access-Control-Allow-Origin, AppKey, Authorization" />
            <add name="Access-Control-Allow-Methods" value="GET, POST, OPTIONS" />
            <add name="Access-Control-Request-Methods" value="GET, POST, OPTIONS" />
          </customHeaders>
       </httpProtocol>