Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
396 views
in Technique[技术] by (71.8m points)

c# - Specify Domain in Owin Startup Class

I've created a self hosting Owin/SignalR app with code similar to the code in this tutorial:

SignalR Self Host Tutorial

Everything works, but for security-sake, I'd like to limit it to only allow messages from a specific remote site. In other words, I'd like to replace the "app.UseCors(CorsOptions.AllowAll);" line with code to confine the app to only responding to messages from a URL that I define, i.e. only allow messages from, say, http://www.remote_site.com or something. Is there any easy way to do this?

For reference, here is the code for my SignalR startup class:

using System;
using Microsoft.AspNet.SignalR;
using Microsoft.Owin.Hosting;
using Owin;
using Microsoft.Owin.Cors;

namespace SignalRSelfHost
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseCors(CorsOptions.AllowAll);
            app.MapSignalR();

        // How do I only allow a specific URL instead of the "CorsOptions.AllowAll" option?             
        }
    }
}
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Here is the full implementation of the Owin Startup class:

using System.Threading.Tasks;
using Microsoft.Owin;
using Owin;
using Microsoft.Owin.Cors;
using System.Web.Cors;

[assembly: OwinStartup(typeof(SignalRSelfHost.Startup))]

namespace SignalRSelfHost
{
    public class Startup
    {

        public void Configuration(IAppBuilder app)
        {
            var policy = new CorsPolicy()
            {
                AllowAnyHeader = true,
                AllowAnyMethod = true,
                SupportsCredentials = true
            };

            policy.Origins.Add("domain"); //be sure to include the port:
//example: "http://localhost:8081"

            app.UseCors(new CorsOptions
            {
                PolicyProvider = new CorsPolicyProvider
                {
                    PolicyResolver = context => Task.FromResult(policy)
                }
            });

            app.MapSignalR();
        }
    }
}

Also, if you want to server to accept a list of domains, you simply add them to the Origins.

Hope this helps! Good luck!


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...