Skip to content

Commit 2526779

Browse files
svenziksvenzik
committed
Add configuration for allowing http connection during development
WE2-967 Signed-off-by: Sven Mitt <[email protected]>
1 parent 0e98785 commit 2526779

File tree

1 file changed

+73
-11
lines changed

1 file changed

+73
-11
lines changed

example/src/WebEid.AspNetCore.Example/Startup.cs

Lines changed: 73 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,8 @@ namespace WebEid.AspNetCore.Example
3838
using System.Threading.Tasks;
3939
using Microsoft.AspNetCore.Http;
4040
using Microsoft.AspNetCore.Mvc;
41-
41+
using System.Net;
42+
4243
public class Startup
4344
{
4445
public Startup(IConfiguration configuration, IWebHostEnvironment environment)
@@ -47,6 +48,8 @@ public Startup(IConfiguration configuration, IWebHostEnvironment environment)
4748
CurrentEnvironment = environment;
4849
}
4950

51+
private static ILogger logger;
52+
5053
private IConfiguration Configuration { get; }
5154
private IWebHostEnvironment CurrentEnvironment { get; }
5255

@@ -57,7 +60,7 @@ public void ConfigureServices(IServiceCollection services)
5760
{
5861
builder.AddConsole();
5962
});
60-
var logger = loggerFactory.CreateLogger("Web-eId ASP.NET Core Example");
63+
logger = loggerFactory.CreateLogger("Web-eId ASP.NET Core Example");
6164
services.AddSingleton(logger);
6265

6366
services.AddRazorPages(options =>
@@ -83,12 +86,20 @@ public void ConfigureServices(IServiceCollection services)
8386
options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());
8487
});
8588

89+
var isLoopbackAddressWithHttpProtocol = IsLoopbackAddressWithHttpProtocol(Configuration);
8690
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
8791
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
8892
{
89-
options.Cookie.Name = "__Host-WebEid.AspNetCore.Example.Auth";
90-
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
91-
options.Cookie.SameSite = SameSiteMode.Strict;
93+
if (isLoopbackAddressWithHttpProtocol)
94+
{
95+
options.Cookie.Name = "WebEid.AspNetCore.Example.Auth";
96+
}
97+
else
98+
{
99+
options.Cookie.Name = "__Host-WebEid.AspNetCore.Example.Auth";
100+
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
101+
}
102+
options.Cookie.SameSite = SameSiteMode.Strict;
92103
options.Events.OnRedirectToLogin = context =>
93104
{
94105
context.Response.Redirect("/");
@@ -103,8 +114,15 @@ public void ConfigureServices(IServiceCollection services)
103114

104115
services.AddSession(options =>
105116
{
106-
options.Cookie.Name = "__Host-WebEid.AspNetCore.Example.Session";
107-
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
117+
if (isLoopbackAddressWithHttpProtocol)
118+
{
119+
options.Cookie.Name = "WebEid.AspNetCore.Example.Auth";
120+
}
121+
else
122+
{
123+
options.Cookie.Name = "__Host-WebEid.AspNetCore.Example.Session";
124+
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
125+
}
108126
options.Cookie.SameSite = SameSiteMode.Strict;
109127
options.IdleTimeout = TimeSpan.FromSeconds(60);
110128
options.Cookie.IsEssential = true;
@@ -124,10 +142,13 @@ public void ConfigureServices(IServiceCollection services)
124142
services.AddSingleton<IChallengeNonceStore, SessionBackedChallengeNonceStore>();
125143
services.AddSingleton<IChallengeNonceGenerator, ChallengeNonceGenerator>();
126144

127-
services.AddAntiforgery(options =>
145+
if (!isLoopbackAddressWithHttpProtocol)
128146
{
129-
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
130-
});
147+
services.AddAntiforgery(options =>
148+
{
149+
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
150+
});
151+
}
131152

132153
// Add support for running behind a TLS terminating proxy.
133154
services.Configure<ForwardedHeadersOptions>(options =>
@@ -147,7 +168,23 @@ private static Uri GetOriginUrl(IConfiguration configuration)
147168
throw new ConfigurationErrorsException("OriginUrl is not configured");
148169
}
149170

150-
return new Uri(url);
171+
if (url.EndsWith("/"))
172+
{
173+
throw new ConfigurationErrorsException("Configuration parameter OriginUrl cannot end with '/': " + url);
174+
}
175+
176+
var uri = new Uri(url);
177+
178+
if (uri.Scheme.Equals("http") && IsLoopbackAddress(uri.Host))
179+
{
180+
var uriBuilder = new UriBuilder(uri);
181+
uriBuilder.Scheme = "https";
182+
var uriHttps = uriBuilder.Uri;
183+
logger.LogWarning("Configuration OriginUrl contains http protocol {}, which is not supported. Replacing it with secure {}", uri, uriHttps);
184+
uri = uriHttps;
185+
}
186+
187+
return uri;
151188
}
152189

153190
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
@@ -180,5 +217,30 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
180217
endpoints.MapControllers();
181218
});
182219
}
220+
221+
private static bool IsLoopbackAddressWithHttpProtocol(IConfiguration configuration)
222+
{
223+
string originUrl = configuration["OriginUrl"];
224+
return originUrl.StartsWith("http:") && IsLoopbackAddress(new Uri(originUrl).Host);
225+
}
226+
227+
private static bool IsLoopbackAddress(string host)
228+
{
229+
if (string.IsNullOrEmpty(host)) return false;
230+
231+
if (host.Equals("localhost", StringComparison.OrdinalIgnoreCase))
232+
{
233+
return true;
234+
}
235+
236+
if (IPAddress.TryParse(host, out IPAddress ipAddress))
237+
{
238+
return IPAddress.IsLoopback(ipAddress);
239+
}
240+
241+
return false;
242+
}
243+
183244
}
245+
184246
}

0 commit comments

Comments
 (0)