Bootstrap
登录 注册

.NET Framework 等效于 IApplicationBuilder.UseForwardedHeaders()

asp.netsslwebformsowinowin-middleware
发布时间:2021-02-26 08:52

我正在使用在 .NET Framework 4.7.2 上运行的 ASP.NET WebForms 应用程序,该应用程序位于 Azure 应用程序网关后面。网关执行 SSL 切换,因此添加 X-Forwarded-Proto="https" 标头。

我还有一个 .NET Core API,我可以在其中进行配置

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    app.UseForwardedHeaders();
    app.UseHsts();
    app. //...
}

这被记录在 here 中,但特定于 .NET Core。

我一直无法为 .NET Framework 找到等效的 UseForwardedHeaders - 有等效的吗?

另外,WebForms 应用程序运行在 OWIN 上,所以我可以做这样的事情,但我不知道如何完成它。

public void Configuration(IAppBuilder app)
{
    app.Use(async (context, next) =>
            {
                var forwardedProto = context.Request.Headers["X-Forwarded-Proto"];

                if (forwardedProto.ToLower() == "https")
                {
                    // what now?
                }

                await next();
            });
}

是否有适用于 .NET Framework 的现成解决方案,或有关如何最好地处理此问题的建议?

回答1

我最终构建了自己的中间件。

public static class UseForwardedHeadersExtension
{
    private const string ForwardedHeadersAdded = "ForwardedHeadersAdded";

    /// <summary>
    /// Checks for the presence of <c>X-Forwarded-For</c> and <c>X-Forwarded-Proto</c> headers, and if present updates the properties of the request with those headers' details.
    /// </summary>
    /// <remarks>
    /// This extension method is needed for operating our website on an HTTP connection behind a proxy which handles SSL hand-off. Such a proxy adds the <c>X-Forwarded-For</c>
    /// and <c>X-Forwarded-Proto</c> headers to indicate the nature of the client's connection.
    /// </remarks>
    public static IAppBuilder UseForwardedHeaders(this IAppBuilder app)
    {
        if (app == null)
        {
            throw new ArgumentNullException(nameof(app));
        }

        // No need to add more than one instance of this middleware to the pipeline.
        if (!app.Properties.ContainsKey(ForwardedHeadersAdded))
        {
            app.Properties[ForwardedHeadersAdded] = true;

            app.Use(async (context, next) =>
                    {
                        var request = context.Request;

                        if (request.Scheme != Uri.UriSchemeHttps && String.Equals(request.Headers["X-Forwarded-Proto"], Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase))
                        {
                            var httpContext = context.Get<HttpContextBase>(typeof(HttpContextBase).FullName);
                            var serverVars = httpContext.Request.ServerVariables;
                            serverVars["HTTPS"] = "on";
                            serverVars["SERVER_PORT_SECURE"] = "1";
                            serverVars["SERVER_PORT"] = "443";
                            serverVars["HTTP_HOST"] = request.Headers.ContainsKey("X-Forwarded-Host") ? request.Headers["X-Forwarded-Host"] : serverVars["HTTP_HOST"];
                        }

                        await next.Invoke().ConfigureAwait(false);
                    });
        }

        return app;
    }
}
asp.net 相关推荐
ssl 相关推荐
webforms 相关推荐
owin 相关推荐
owin-middleware 相关推荐