在Owin启动类中指定域 [英] Specify Domain in Owin Startup Class
问题描述
我创建了一个自带主机Owin / SignalR应用程序,代码类似于本教程中的代码:
一切正常,但为安全起见,我想限制它只允许来自特定远程站点的邮件。换句话说,我想替换app.UseCors(CorsOptions.AllowAll);代码,将应用限制为仅响应来自我定义的网址的邮件,即只允许来自 http://www.remote_site .com 或某事。
为了参考,这里是我的SignalR启动类的代码:
使用System;
using Microsoft.AspNet.SignalR;
using Microsoft.Owin.Hosting;
使用Owin;
using Microsoft.Owin.Cors;
命名空间SignalRSelfHost
{
public class Startup
{
public void Configuration(IAppBuilder app)
{
app.UseCors (CorsOptions.AllowAll);
app.MapSignalR();
//如何只允许特定的URL而不是CorsOptions.AllowAll选项?
}
}
}
下面是 Owin Startup
类的完整实现:
using System.Threading.Tasks;
using Microsoft.Owin;
使用Owin;
using Microsoft.Owin.Cors;
using System.Web.Cors;
[assembly:OwinStartup(typeof(SignalRSelfHost.Startup))]
命名空间SignalRSelfHost
{
public class Startup
{
public void Configuration(IAppBuilder app)
{
var policy = new CorsPolicy()
{
AllowAnyHeader = true,
AllowAnyMethod = true,
SupportsCredentials = true
};
policy.Origins.Add(domain); //确保包含端口:
//示例:http:// localhost:8081
app.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(policy)
}
});
app.MapSignalR();
}
}
}
服务器接受域名列表,您只需将它们添加到 Origins
。
希望这有助于!祝你好运!
I've created a self hosting Owin/SignalR app with code similar to the code in this tutorial:
Everything works, but for security-sake, I'd like to limit it to only allow messages from a specific remote site. In other words, I'd like to replace the "app.UseCors(CorsOptions.AllowAll);" line with code to confine the app to only responding to messages from a URL that I define, i.e. only allow messages from, say, http://www.remote_site.com or something. Is there any easy way to do this?
For reference, here is the code for my SignalR startup class:
using System;
using Microsoft.AspNet.SignalR;
using Microsoft.Owin.Hosting;
using Owin;
using Microsoft.Owin.Cors;
namespace SignalRSelfHost
{
public class Startup
{
public void Configuration(IAppBuilder app)
{
app.UseCors(CorsOptions.AllowAll);
app.MapSignalR();
// How do I only allow a specific URL instead of the "CorsOptions.AllowAll" option?
}
}
}
Here is the full implementation of the Owin Startup
class:
using System.Threading.Tasks;
using Microsoft.Owin;
using Owin;
using Microsoft.Owin.Cors;
using System.Web.Cors;
[assembly: OwinStartup(typeof(SignalRSelfHost.Startup))]
namespace SignalRSelfHost
{
public class Startup
{
public void Configuration(IAppBuilder app)
{
var policy = new CorsPolicy()
{
AllowAnyHeader = true,
AllowAnyMethod = true,
SupportsCredentials = true
};
policy.Origins.Add("domain"); //be sure to include the port:
//example: "http://localhost:8081"
app.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(policy)
}
});
app.MapSignalR();
}
}
}
Also, if you want to server to accept a list of domains, you simply add them to the Origins
.
Hope this helps! Good luck!
这篇关于在Owin启动类中指定域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!