创建一个Mvc项目 域名：http://localhost:24102

Home控制器

using MvcApp.Filters;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

namespace MvcApp.Controllers
{
    [AllowCors("http://localhost:13433","http://localhost:13435")]
    //[AllowCors]
    public class HomeController : Controller
    {       
        public ActionResult Index()
        {
            return View();
        }

        public ActionResult Test()
        {
            var json = new { Name = "Server" };
            return Json(json,JsonRequestBehavior.AllowGet);
        }

    }
}

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

namespace MvcApp.Filters
{
    public class AllowCorsAttribute:ActionFilterAttribute
    {
        private string[] _domains;
        public AllowCorsAttribute()
        {
            //如果[AllowCors]特性标签没有带域名，那么就从配置文件中读取允许访问的域名，然后将它赋给_domains
            //_domains = 这里应该是从配置文件中读出来的所有域名组成的数组
            _domains = new string[] { "","" };
        }
        public AllowCorsAttribute(params string[] domain)
        {
            _domains = domain;
        }
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            var urlReferrer = filterContext.HttpContext.Request.UrlReferrer;
            if (urlReferrer != null)
            {
                var absolutePath = urlReferrer.OriginalString;
                var absolutePathFormat = absolutePath.Substring(0,absolutePath.Length - 1);
                if (_domains.Contains(absolutePathFormat))
                {
                    filterContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin",absolutePathFormat);
                }
            }
            else
            {
                //如果urlReferrer为空，我理解为自己本地访问(亲自测试，本地访问urlReferrer为null)
                filterContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin","*");
            }
            filterContext.HttpContext.Response.AddHeader("Access-Control-Allow-Methods","GET,HEAD,OPTIONS,POST,PUT");
            filterContext.HttpContext.Response.AddHeader("Access-Control-Allow-Headers","Access-Control-Allow-Headers,Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers");
            base.OnActionExecuting(filterContext);
        }
    }
}

@{
    ViewBag.Title = "Index";
}

<h2>Index</h2>

<script type="text/javascript">
    $.ajax({
        url: 'http://localhost:24102/Home/Test',type: 'Post',success: function (data,textStatus) {
            alert(data.Name);
        },error:function(XMLHttpRequest,textStatus,errorThrown){
            alert(XMLHttpRequest.state);
        }

    })
</script>