asp.net web api - CORS implementation in WEBAPI - .net framework 4.0 -

i bit new webapi , want implement cors (cross origin resource sharing) on web api. referring microsoft link. install nuget package using

pm> install-package microsoft.aspnet.cors -version 5.0.0-rc1 -pre 

however, using .net framework 4.0 , not working. afterwards used nuget command:

install-package microsoft.aspnet.webapi -version 4.0.20710 

but not contain cors class. so, have other different way implement cors?

i use following , works fine me (thought not sure "4.0 client profile" bit) :

public class corshandler : delegatinghandler {     private const string origin = "origin";     private const string accesscontrolrequestmethod = "access-control-request-method";     private const string accesscontrolrequestheaders = "access-control-request-headers";     private const string accesscontrolalloworigin = "access-control-allow-origin";     private const string accesscontrolallowmethods = "access-control-allow-methods";     private const string accesscontrolallowheaders = "access-control-allow-headers";  protected override task<httpresponsemessage> sendasync(httprequestmessage request, cancellationtoken cancellationtoken) {     bool iscorsrequest = request.headers.contains(origin);     bool ispreflightrequest = request.method == httpmethod.options;     if (iscorsrequest)         {             if (ispreflightrequest)             {                 var response = new httpresponsemessage(httpstatuscode.ok);                 response.headers.add(accesscontrolalloworigin, request.headers.getvalues(origin).first());                  string accesscontrolrequestmethod = request.headers.getvalues(accesscontrolrequestmethod).firstordefault();                 if (accesscontrolrequestmethod != null)                 {                     response.headers.add(accesscontrolallowmethods, accesscontrolrequestmethod);                 }                  string requestedheaders = string.join(", ", request.headers.getvalues(accesscontrolrequestheaders));                 if (!string.isnullorempty(requestedheaders))                 {                     response.headers.add(accesscontrolallowheaders, requestedheaders);                 }                  var tcs = new taskcompletionsource<httpresponsemessage>();                 tcs.setresult(response);                 return tcs.task;             }              return base.sendasync(request, cancellationtoken).continuewith(t =>             {                 httpresponsemessage resp = t.result;                 resp.headers.add(accesscontrolalloworigin, request.headers.getvalues(origin).first());                      return resp;                 });             }             return base.sendasync(request, cancellationtoken);         }     } 

remember register in app start (mine in global.asax)

globalconfiguration.configuration.messagehandlers.add(new corshandler());