Specify Domain in Owin Startup Class

I've created a self hosting Owin/SignalR app with code similar to the code in this tutorial:

Everything works, but for security-sake, I'd like to limit it to only allow messages from a specific remote site. In other words, I'd like to replace the "app.UseCors(CorsOptions.AllowAll);" line with code to confine the app to only responding to messages from a URL that I define, i.e. only allow messages from, say, http://www.remote_site.com or something. Is there any easy way to do this?

For reference, here is the code for my SignalR startup class:

using System;
using Microsoft.AspNet.SignalR;
using Microsoft.Owin.Hosting;
using Owin;
using Microsoft.Owin.Cors;

namespace SignalRSelfHost
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseCors(CorsOptions.AllowAll);
            app.MapSignalR();

        // How do I only allow a specific URL instead of the "CorsOptions.AllowAll" option?             
        }
    }
}

标签： c# visual-studio-2012 signalr cors owin

2条回答

贪生不怕死

2楼-- · 2019-01-23 15:09

Here's the code that I mentioned in a comment above:

public class Startup
{

    public void Configuration(IAppBuilder app)
    {
        app.UseCors(_corsOptions.Value);
        app.MapSignalR(); 
    }


    private static Lazy<CorsOptions> _corsOptions = new Lazy<CorsOptions>(() =>
    {
        return new CorsOptions
        {
            PolicyProvider = new CorsPolicyProvider
            {
                PolicyResolver = context =>
                {
                    var policy = new CorsPolicy();
                    policy.Origins.Add("http://localhost:8081");
                    policy.AllowAnyMethod = true;
                    policy.AllowAnyHeader = true;
                    policy.SupportsCredentials = true;
                    return Task.FromResult(policy);
                }
            }
        };
    });

}

This works, but I think Matei's answer above is cleaner and simpler.

0人赞添加讨论(0) 举报

男人必须洒脱

3楼-- · 2019-01-23 15:16

Here is the full implementation of the Owin Startup class:

using System.Threading.Tasks;
using Microsoft.Owin;
using Owin;
using Microsoft.Owin.Cors;
using System.Web.Cors;

[assembly: OwinStartup(typeof(SignalRSelfHost.Startup))]

namespace SignalRSelfHost
{
    public class Startup
    {

        public void Configuration(IAppBuilder app)
        {
            var policy = new CorsPolicy()
            {
                AllowAnyHeader = true,
                AllowAnyMethod = true,
                SupportsCredentials = true
            };

            policy.Origins.Add("domain"); //be sure to include the port:
//example: "http://localhost:8081"

            app.UseCors(new CorsOptions
            {
                PolicyProvider = new CorsPolicyProvider
                {
                    PolicyResolver = context => Task.FromResult(policy)
                }
            });

            app.MapSignalR();
        }
    }
}

Also, if you want to server to accept a list of domains, you simply add them to the Origins.

Hope this helps! Good luck!

0人赞添加讨论(0) 举报

Specify Domain in Owin Startup Class

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间