在Owin启动类中指定域 [英] Specify Domain in Owin Startup Class

问题描述

我创建了一个自带主机Owin / SignalR应用程序，代码类似于本教程中的代码：

SignalR自我主持教程

一切正常，但为安全起见，我想限制它只允许来自特定远程站点的邮件。换句话说，我想替换app.UseCors（CorsOptions.AllowAll）;代码，将应用限制为仅响应来自我定义的网址的邮件，即只允许来自 http：//www.remote_site .com 或某事。

为了参考，这里是我的SignalR启动类的代码：

 使用System; 
 using Microsoft.AspNet.SignalR; 
 using Microsoft.Owin.Hosting; 
使用Owin; 
 using Microsoft.Owin.Cors; 
 
命名空间SignalRSelfHost 
 {
 public class Startup 
 {
 public void Configuration（IAppBuilder app）
 {
 app.UseCors （CorsOptions.AllowAll）; 
 app.MapSignalR（）; 
 
 //如何只允许特定的URL而不是CorsOptions.AllowAll选项？ 
} 
} 
} 
  

解决方案>

下面是 Owin Startup 类的完整实现：​​

  using System.Threading.Tasks; 
 using Microsoft.Owin; 
使用Owin; 
 using Microsoft.Owin.Cors; 
 using System.Web.Cors; 
 
 [assembly：OwinStartup（typeof（SignalRSelfHost.Startup））] 
 
命名空间SignalRSelfHost 
 {
 public class Startup 
 {
 
 public void Configuration（IAppBuilder app）
 {
 var policy = new CorsPolicy（）
 {
 AllowAnyHeader = true，
 AllowAnyMethod = true， 
 SupportsCredentials = true 
}; 
 
 policy.Origins.Add（domain）; //确保包含端口：
 //示例：http：// localhost：8081
 
 app.UseCors（new CorsOptions 
 {
 PolicyProvider = new CorsPolicyProvider 
 {
 PolicyResolver = context => Task.FromResult（policy）
} 
}）; 
 
 app.MapSignalR（）; 
} 
} 
} 
  

服务器接受域名列表，您只需将它们添加到 Origins 。

希望这有助于！祝你好运！

I've created a self hosting Owin/SignalR app with code similar to the code in this tutorial:

SignalR Self Host Tutorial

Everything works, but for security-sake, I'd like to limit it to only allow messages from a specific remote site. In other words, I'd like to replace the "app.UseCors(CorsOptions.AllowAll);" line with code to confine the app to only responding to messages from a URL that I define, i.e. only allow messages from, say, http://www.remote_site.com or something. Is there any easy way to do this?

For reference, here is the code for my SignalR startup class:

using System;
using Microsoft.AspNet.SignalR;
using Microsoft.Owin.Hosting;
using Owin;
using Microsoft.Owin.Cors;

namespace SignalRSelfHost
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseCors(CorsOptions.AllowAll);
            app.MapSignalR();

        // How do I only allow a specific URL instead of the "CorsOptions.AllowAll" option?             
        }
    }
}

解决方案

Here is the full implementation of the Owin Startup class:

using System.Threading.Tasks;
using Microsoft.Owin;
using Owin;
using Microsoft.Owin.Cors;
using System.Web.Cors;

[assembly: OwinStartup(typeof(SignalRSelfHost.Startup))]

namespace SignalRSelfHost
{
    public class Startup
    {

        public void Configuration(IAppBuilder app)
        {
            var policy = new CorsPolicy()
            {
                AllowAnyHeader = true,
                AllowAnyMethod = true,
                SupportsCredentials = true
            };

            policy.Origins.Add("domain"); //be sure to include the port:
//example: "http://localhost:8081"

            app.UseCors(new CorsOptions
            {
                PolicyProvider = new CorsPolicyProvider
                {
                    PolicyResolver = context => Task.FromResult(policy)
                }
            });

            app.MapSignalR();
        }
    }
}

Also, if you want to server to accept a list of domains, you simply add them to the Origins.

Hope this helps! Good luck!

这篇关于在Owin启动类中指定域的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！