diff --git a/src/MusicStore/Areas/Admin/Controllers/StoreManagerController.cs b/src/MusicStore/Areas/Admin/Controllers/StoreManagerController.cs
index 58caf0666f..b5d5b5ebe2 100644
--- a/src/MusicStore/Areas/Admin/Controllers/StoreManagerController.cs
+++ b/src/MusicStore/Areas/Admin/Controllers/StoreManagerController.cs
@@ -2,6 +2,7 @@
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Cors.Core;
 using Microsoft.AspNet.Mvc;
 using Microsoft.AspNet.Mvc.Rendering;
 using Microsoft.AspNet.SignalR;
@@ -196,6 +197,7 @@ namespace MusicStore.Areas.Admin.Controllers
 // Note: Added for automated testing purpose. Application does not use this.
 [HttpGet]
 [SkipStatusCodePages]
+ [EnableCors("CorsPolicy")]
 public async Task GetAlbumIdFromName(string albumName)
 {
 var album = await DbContext.Albums.Where(a => a.Title == albumName).FirstOrDefaultAsync();
diff --git a/src/MusicStore/Startup.cs b/src/MusicStore/Startup.cs
index 71964b2b69..d1690a80fa 100644
--- a/src/MusicStore/Startup.cs
+++ b/src/MusicStore/Startup.cs
@@ -76,6 +76,14 @@ namespace MusicStore
 options.ClientSecret = "GaMQ2hCnqAC6EcDLnXsAeBVIJOLmeutL";
 });
+ services.ConfigureCors(options =>
+ {
+ options.AddPolicy("CorsPolicy", builder =>
+ {
+ builder.WithOrigins("http://example.com");
+ });
+ });
+
 // Add MVC services to the services container
 services.AddMvc();
diff --git a/src/MusicStore/StartupNtlmAuthentication.cs b/src/MusicStore/StartupNtlmAuthentication.cs
index 91b00a062f..09c3300bc9 100644
--- a/src/MusicStore/StartupNtlmAuthentication.cs
+++ b/src/MusicStore/StartupNtlmAuthentication.cs
@@ -50,6 +50,14 @@ namespace MusicStore
 .AddDbContext(options => options.UseSqlServer(Configuration.Get("Data:DefaultConnection:ConnectionString")));
+ services.ConfigureCors(options =>
+ {
+ options.AddPolicy("CorsPolicy", builder =>
+ {
+ builder.WithOrigins("http://example.com");
+ });
+ });
+
 // Add MVC services to the services container
 services.AddMvc();
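Review bot: `[EnableCors("CorsPolicy")]` goes on an Admin-area action whose own comment says it exists only for automated tests, and the policy is referenced by a bare string that this commit then repeats in six Startup classes; a mismatch in any one of them surfaces only at request time as a missing-policy failure. A single shared constant, e.g. `public const string CorsPolicyName = "CorsPolicy";` used by the attribute and by every `AddPolicy` call, removes that class of mistake. Whether StoreManagerController carries `[Authorize]` is outside the hunk; if it does not, this action now answers cross-origin reads of album data for the allowed origin without any authentication, which is worth confirming before the attribute ships in the production Startup.cs rather than only in the test mocks. The method body continues past the end of the hunk.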
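Review bot: The allowed origin `http://example.com` is a placeholder literal in the production Startup.cs (and verbatim again in StartupNtlmAuthentication.cs in this commit), and it is plain http, so a network attacker who can impersonate that host satisfies the policy. Read the origin from configuration the way StartupNtlmAuthentication.cs already reads the connection string, e.g. `builder.WithOrigins(Configuration.Get("Cors:AllowedOrigin"));`, and list the `https://` form of the real consumer so test and production origins can differ. The policy does not call `AllowCredentials()`, so this change does not enable cookie-authenticated cross-origin reads; keep it that way unless a named consumer needs it. The hardcoded `ClientSecret` two lines above is pre-existing and out of scope here, but it is the same class of problem. ConfigureServices continues outside the hunk.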
diff --git a/src/MusicStore/StartupOpenIdConnect.cs b/src/MusicStore/StartupOpenIdConnect.cs index dec50dd1f7..6ec124342e 100644 --- a/src/MusicStore/StartupOpenIdConnect.cs +++ b/src/MusicStore/StartupOpenIdConnect.cs @@ -70,6 +70,14 @@ namespace MusicStore options.ClientId = "[ClientId]"; }); + services.ConfigureCors(options => + { + options.AddPolicy("CorsPolicy", builder => + { + builder.WithOrigins("http://example.com"); + }); + }); + // Add MVC services to the services container services.AddMvc(); diff --git a/test/E2ETests/E2ETests.xproj b/test/E2ETests/E2ETests.xproj index 9c0d9e947a..fb2da94deb 100644 --- a/test/E2ETests/E2ETests.xproj +++ b/test/E2ETests/E2ETests.xproj @@ -13,6 +13,9 @@ 2.0 + + + diff --git a/test/E2ETests/Implementation/Scenarios.cs b/test/E2ETests/Implementation/Scenarios.cs index 790abd087a..eb80b34800 100644 --- a/test/E2ETests/Implementation/Scenarios.cs +++ b/test/E2ETests/Implementation/Scenarios.cs @@ -1,5 +1,6 @@ using System; using System.Collections.Generic; +using System.Linq; using System.Net; using System.Net.Http; using System.Threading; 
@@ -346,9 +347,21 @@ namespace E2ETests private string FetchAlbumIdFromName(string albumName) { + // Run some CORS validation. _logger.LogInformation("Fetching the album id of '{album}'", albumName); + _httpClient.DefaultRequestHeaders.Add("Origin", "http://notpermitteddomain.com"); var response = _httpClient.GetAsync(string.Format("Admin/StoreManager/GetAlbumIdFromName?albumName={0}", albumName)).Result; ThrowIfResponseStatusNotOk(response); + IEnumerable values; + Assert.False(response.Headers.TryGetValues("Access-Control-Allow-Origin", out values)); + + _httpClient.DefaultRequestHeaders.Remove("Origin"); + _httpClient.DefaultRequestHeaders.Add("Origin", "http://example.com"); + response = _httpClient.GetAsync(string.Format("Admin/StoreManager/GetAlbumIdFromName?albumName={0}", albumName)).Result; + ThrowIfResponseStatusNotOk(response); + Assert.Equal("http://example.com", response.Headers.GetValues("Access-Control-Allow-Origin").First()); + _httpClient.DefaultRequestHeaders.Remove("Origin"); + var albumId = response.Content.ReadAsStringAsync().Result; _logger.LogInformation("Album id for album '{album}' is '{id}'", albumName, albumId); return albumId; @@ -454,4 +467,4 @@ namespace E2ETests } } } -} +} \ No newline at end of file diff --git a/test/E2ETests/compiler/shared/Mocks/StartupOpenIdConnectTesting.cs b/test/E2ETests/compiler/shared/Mocks/StartupOpenIdConnectTesting.cs index 89cffa0e12..6e06939bdc 100644 --- a/test/E2ETests/compiler/shared/Mocks/StartupOpenIdConnectTesting.cs +++ b/test/E2ETests/compiler/shared/Mocks/StartupOpenIdConnectTesting.cs @@ -76,6 +76,14 @@ namespace MusicStore }; }); + services.ConfigureCors(options => + { + options.AddPolicy("CorsPolicy", builder => + { + builder.WithOrigins("http://example.com"); + }); + }); + // Add MVC services to the services container services.AddMvc(); 
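Review bot: The Origin header is added to `_httpClient.DefaultRequestHeaders` and only removed on the success path, so if `ThrowIfResponseStatusNotOk` throws or the `Assert.False` on the absent Access-Control-Allow-Origin header fails, `Origin: http://notpermitteddomain.com` stays on the shared client for every later request in the run and turns unrelated scenarios into CORS tests. Send the header per request with an `HttpRequestMessage` instead of mutating the client's defaults, as below. A one-line comment would also save the next reader from "fixing" the first check: `// CORS is enforced by the browser: a disallowed origin still gets 200, only the ACAO header is withheld.` The `IEnumerable values;` line appears to have lost its type argument in rendering; it should read `IEnumerable<string> values;`. The closing brace of FetchAlbumIdFromName lies past the end of the hunk.

```csharp
// Sends a GET with a per-request Origin header, so nothing leaks into
// _httpClient.DefaultRequestHeaders if an assertion or ThrowIfResponseStatusNotOk fails mid-way.
private HttpResponseMessage GetWithOrigin(string url, string origin)
{
    var request = new HttpRequestMessage(HttpMethod.Get, url);
    request.Headers.Add("Origin", origin);
    return _httpClient.SendAsync(request).Result;
}

private string FetchAlbumIdFromName(string albumName)
{
    _logger.LogInformation("Fetching the album id of '{album}'", albumName);
    var url = string.Format("Admin/StoreManager/GetAlbumIdFromName?albumName={0}", albumName);

    // CORS is enforced by the browser, not the server: a disallowed origin still gets 200,
    // it just gets no Access-Control-Allow-Origin header back.
    var response = GetWithOrigin(url, "http://notpermitteddomain.com");
    ThrowIfResponseStatusNotOk(response);
    IEnumerable<string> values;
    Assert.False(response.Headers.TryGetValues("Access-Control-Allow-Origin", out values));

    response = GetWithOrigin(url, "http://example.com");
    ThrowIfResponseStatusNotOk(response);
    Assert.Equal("http://example.com", response.Headers.GetValues("Access-Control-Allow-Origin").First());
    // … unchanged: read albumId from response.Content, log it and return …
```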
diff --git a/test/E2ETests/compiler/shared/Mocks/StartupSocialTesting.cs b/test/E2ETests/compiler/shared/Mocks/StartupSocialTesting.cs index 6789f5daae..2171a6a9ef 100644 --- a/test/E2ETests/compiler/shared/Mocks/StartupSocialTesting.cs +++ b/test/E2ETests/compiler/shared/Mocks/StartupSocialTesting.cs @@ -137,6 +137,14 @@ namespace MusicStore options.Scope.Add("wl.signin"); }); + services.ConfigureCors(options => + { + options.AddPolicy("CorsPolicy", builder => + { + builder.WithOrigins("http://example.com"); + }); + }); + // Add MVC services to the services container services.AddMvc(); diff --git a/test/MusicStore.Spa.Test/MusicStore.Spa.Test.xproj b/test/MusicStore.Spa.Test/MusicStore.Spa.Test.xproj index bdc0cfd13e..2fd8d2875d 100644 --- a/test/MusicStore.Spa.Test/MusicStore.Spa.Test.xproj +++ b/test/MusicStore.Spa.Test/MusicStore.Spa.Test.xproj @@ -4,7 +4,6 @@ 14.0 $(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion) - 9d3326c4-1f12-4526-9f25-712a1463b3fa @@ -12,9 +11,11 @@ ..\..\artifacts\obj\$(MSBuildProjectName) ..\..\artifacts\bin\$(MSBuildProjectName)\ - 2.0 + + + \ No newline at end of file diff --git a/test/MusicStore.Test/MusicStore.Test.xproj b/test/MusicStore.Test/MusicStore.Test.xproj index ec10069089..4b88d9adcf 100644 --- a/test/MusicStore.Test/MusicStore.Test.xproj +++ b/test/MusicStore.Test/MusicStore.Test.xproj @@ -14,5 +14,8 @@ 2.0 + + + \ No newline at end of file