private async Task<TenantInstance> GetTenantInstance(IOwinRequest request) { var requestIdentifier = configuration.IdentificationStrategy(request); if (requestIdentifier == null) { throw new InvalidOperationException("The identification strategy did not return an identifier for the request."); } var instance = runningInstances.Get(requestIdentifier); if (instance != null) { Log("Instance for '{0}' is already running.", requestIdentifier); return instance; } Log("Instance for '{0}' not running. Resolving tenant.", requestIdentifier); var tenant = await configuration.TenantResolver.Resolve(requestIdentifier); if (tenant != null) { Log("Tenant found with identifiers '{0}'", string.Join(",", tenant.RequestIdentifiers)); instance = StartInstance(tenant); } return instance; }
public AuthenticationRepository(IOwinContext owinContext) { userManager = owinContext.GetUserManager<ApplicationUserManager>(); roleManager = owinContext.Get<ApplicationRoleManager>(); authenticationManager = owinContext.Authentication; request = owinContext.Request; }
public async Task<AuthenticationTicket> ValidateTicket(IOwinRequest request, IOwinContext context, HttpClient httpClient, string ticket, AuthenticationProperties properties, string service) { // Now, we need to get the ticket validated string validateUrl = _options.CasServerUrlBase + "/validate" + "?service=" + service + "&ticket=" + Uri.EscapeDataString(ticket); HttpResponseMessage response = await httpClient.GetAsync(validateUrl, request.CallCancelled); response.EnsureSuccessStatusCode(); string responseBody = await response.Content.ReadAsStringAsync(); String validatedUserName = null; var responseParts = responseBody.Split('\n'); if (responseParts.Length >= 2 && responseParts[0] == "yes") validatedUserName = responseParts[1]; if (!String.IsNullOrEmpty(validatedUserName)) { var identity = new ClaimsIdentity(_options.AuthenticationType); identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, validatedUserName, "http://www.w3.org/2001/XMLSchema#string", _options.AuthenticationType)); identity.AddClaim(new Claim(ClaimTypes.Name, validatedUserName, "http://www.w3.org/2001/XMLSchema#string", _options.AuthenticationType)); var authenticatedContext = new CasAuthenticatedContext(context, identity, properties); await _options.Provider.Authenticated(authenticatedContext); return new AuthenticationTicket(authenticatedContext.Identity, authenticatedContext.Properties); } return new AuthenticationTicket(null, properties); }
public async Task<System.Web.Cors.CorsPolicy> GetCorsPolicyAsync(IOwinRequest request) { var path = request.Path.ToString(); var origin = request.Headers["Origin"]; // see if the Origin is different than this server's origin. if so // that indicates a proper CORS request var ctx = new OwinContext(request.Environment); // using GetIdentityServerHost takes into account a configured PublicOrigin var thisOrigin = ctx.GetIdentityServerHost(); if (origin != null && origin != thisOrigin) { if (IsPathAllowed(request)) { Logger.InfoFormat("CORS request made for path: {0} from origin: {1}", path, origin); if (await IsOriginAllowed(origin, request.Environment)) { Logger.Info("CorsPolicyService allowed origin"); return Allow(origin); } else { Logger.Info("CorsPolicyService did not allow origin"); } } else { Logger.InfoFormat("CORS request made for path: {0} from origin: {1} but rejected because invalid CORS path", path, origin); } } return null; }
private void Inbound(IOwinRequest request, string beforeValue) { if (beforeValue != null) { RouteParams.Set(request.Environment, inRouteParam, beforeValue); } }
public async Task<System.Web.Cors.CorsPolicy> GetCorsPolicyAsync(IOwinRequest request) { var path = request.Path.ToString(); var origin = request.Headers["Origin"]; // see if the Origin is different than this server's origin. if so // that indicates a proper CORS request var thisOrigin = request.Uri.Scheme + "://" + request.Uri.Authority; if (origin != null && origin != thisOrigin) { if (IsPathAllowed(request)) { Logger.InfoFormat("CORS request made for path: {0} from origin: {1}", path, origin); if (await IsOriginAllowed(origin, request.Environment)) { Logger.Info("CorsPolicyService allowed origin"); return Allow(origin); } else { Logger.Info("CorsPolicyService did not allow origin"); } } else { Logger.WarnFormat("CORS request made for path: {0} from origin: {1} but rejected because invalid CORS path", path, origin); } } return null; }
public StaticFileContext(IOwinContext context, StaticFileOptions options, PathString matchUrl) { _context = context; _options = options; _matchUrl = matchUrl; _request = context.Request; _response = context.Response; _method = null; _isGet = false; _isHead = false; _subPath = PathString.Empty; _contentType = null; _fileInfo = null; _length = 0; _lastModified = new DateTime(); _etag = null; _etagQuoted = null; _lastModifiedString = null; _ifMatchState = PreconditionState.Unspecified; _ifNoneMatchState = PreconditionState.Unspecified; _ifModifiedSinceState = PreconditionState.Unspecified; _ifUnmodifiedSinceState = PreconditionState.Unspecified; _ranges = null; }
public static string CheckRequiredRequestParameter(IOwinRequest request, IList<string> errors, string name) { if (string.IsNullOrEmpty(request.Query[name])) { errors.Add(string.Format("required property '{0}' is missing from metadata", name)); } return request.Query[name]; }
private static ScimVersion GetScimVersion(IOwinRequest request, ScimServerConfiguration serverConfiguration) { var result = _VersionRegex.Match(request.Path.ToString()); if (result.Success) return new ScimVersion(result.Groups[1].Value); // e.g. groups[] -> /v0/, v0 return serverConfiguration.DefaultScimVersion; }
private Boolean allowCompress(IOwinRequest req) { if (!EnableCompress) return false; var acceptEncoding = req.Headers.Get("Accept-Encoding"); if (acceptEncoding == null) return false; return acceptEncoding.Contains("gzip"); }
public OwinContext(IDictionary<string, object> data) { this.data = data; request = new OwinRequest(data); response = new OwinResponse(data); ssl = new OwinSsl(data); host = new OwinHost(data); server = new OwinServer(data); }
public void Log(IOwinRequest request, IOwinResponse response, long responseTime) { var username = (string.IsNullOrEmpty(request.User?.Identity?.Name)) ? "-" : request.User.Identity.Name; var queryString = string.IsNullOrEmpty(request.QueryString.Value) ? "-" : request.QueryString.Value; var useragent = (request.Headers.Get("User-Agent") ?? "-").Replace(' ', '+'); var referer = request.Headers.Get("Referer") ?? "-"; var message = $"{DateTime.UtcNow:yyyy-MM-dd HH:mm:ss} {ApplicationName} {ComputerName} {request.LocalIpAddress} {request.Method} {request.Uri.GetLeftPart(UriPartial.Path)} {queryString} {request.LocalPort} {username} {request.RemoteIpAddress} {useragent} {referer} {response.StatusCode} 0 0 {responseTime}"; RequestLog.Warn(message); }
private static bool IsAjaxRequest(IOwinRequest request) { IReadableStringCollection query = request.Query; if ((query != null) && (query["X-Requested-With"] == "XMLHttpRequest")) { return true; } IHeaderDictionary headers = request.Headers; return ((headers != null) && (headers["X-Requested-With"] == "XMLHttpRequest")); }
internal static bool HasValidHeaders(IOwinRequest request) { if (request.Accept == null || !request.Accept.ToLowerInvariant().Contains(ApplicationJsonMediaType)) return false; if (!request.ContentType.ToLowerInvariant().StartsWith(ApplicationJsonMediaType)) return false; return true; }
public StaticCompressionContext(IDictionary<string, object> environment, StaticCompressionOptions options, IEncoding encoding, ICompressedStorage storage) { _environment = environment; _options = options; _encoding = encoding; _encodingSuffix = "^" + _encoding.Name; _encodingSuffixQuote = "^" + _encoding.Name + "\""; _storage = storage; _request = new OwinRequest(environment); _response = new OwinResponse(environment); }
public IRequest GetRequest(IOwinRequest request) { using (StreamReader sr = new StreamReader(request.Body)) { using (JsonReader reader = new JsonTextReader(sr)) { var iRequest = new Request(request.Query.Get("interface"), request.Query.Get("method"), JArray.Load(reader)); return iRequest; } } }
private static async Task LogRequest(IOwinRequest request) { var reqLog = new { Method = request.Method, Url = request.Uri.AbsoluteUri, Headers = request.Headers, Body = await request.ReadBodyAsStringAsync() }; Logger.Debug("HTTP Request" + Environment.NewLine + LogSerializer.Serialize(reqLog)); }
/// <summary> /// Resolves a tenant request using hostname /// </summary> /// <param name="request">The request</param> /// <returns>The tenant or null</returns> public ITenant Resolve(IOwinRequest request) { var httpContext = request.Context.Get<HttpContextWrapper>("System.Web.HttpContextBase"); var routeData = RouteTable.Routes.GetRouteData(httpContext); if (routeData == null || routeData.Values.ContainsKey(RouteName) == false) return Tenants.First(); var tenant = Tenants.FirstOrDefault(x => x.Name == routeData.Values[RouteName].ToString()); return tenant ?? Tenants.First(); }
private ICompressor GetCompressor(IOwinRequest request) { if(!request.Headers.ContainsKey(AcceptEncoding)) { return null; } return (from c in compressors from e in request.Headers.GetCommaSeparatedValues(AcceptEncoding).Select(x => StringWithQualityHeaderValue.Parse(x)) orderby e.Quality descending where string.Compare(c.ContentEncoding, e.Value, StringComparison.InvariantCultureIgnoreCase) == 0 select c).FirstOrDefault(); }
public async Task<WebApiLogger> ExtractRequestParameters(IOwinRequest request) { logEntry.RequestHeaders = await request.RequestHeadersToJsonString(); logEntry.RequestContentBody = await request.RequestBodyToString(); logEntry.RequestContentType = request.ContentType; logEntry.RequestIpAddress = request.RemoteIpAddress; logEntry.RequestMethod = request.Method; logEntry.RequestRouteData = ""; logEntry.RequestRouteTemplate = ""; logEntry.RequestUri = request.Uri.AbsoluteUri; return this; }
/// <summary> /// 处理多段表单数据 /// </summary> /// <param name="req"></param> /// <param name="parameterHandler"></param> /// <param name="fileHandler"></param> public static void HandleMultipartData(IOwinRequest req, StreamingMultipartFormDataParser.ParameterDelegate parameterHandler, StreamingMultipartFormDataParser.FileStreamDelegate fileHandler, StreamingMultipartFormDataParser.StreamClosedDelegate streamClosedDelegate = null) { if (!req.ContentType.StartsWith("multipart/form-data;")) throw new ArgumentException("'ContentType' not start with 'multipart/form-data;'."); var parser = new StreamingMultipartFormDataParser(req.Body); parser.ParameterHandler = parameterHandler; parser.FileHandler = fileHandler; parser.StreamClosedHandler = streamClosedDelegate; parser.Run(); }
private bool TryIsValidRequest(IOwinRequest request, out string requestAppId) { requestAppId = null; AuthenticationHeaderValue authHeader; if (!AuthenticationHeaderValue.TryParse(request.Headers["Authorization"], out authHeader) || authHeader.Scheme != "SOW") { return false; } var parameters = authHeader.Parameter.Split(':'); if (parameters.Length != 3) { return false; } requestAppId = parameters[0]; var requestSignature = parameters[1]; var requestTimeStamp = parameters[2]; var apiKey = _appKeyProvider.GetKey(requestAppId); if (apiKey == null) { return false; } // TODO check replay request // Compute hash var requestContent = string.Empty; var hash = ComputeHash(request); if (hash != null) { requestContent = Convert.ToBase64String(hash); } var requestMethod = request.Method; var requestUri = WebUtility.UrlEncode(request.Uri.ToString().ToLowerInvariant()); var hmacData = string.Concat(requestAppId, requestMethod, requestUri, requestTimeStamp, requestContent); var secretKeyBytes = Convert.FromBase64String(apiKey); var signature = Encoding.UTF8.GetBytes(hmacData); using (var hmac = new HMACSHA256(secretKeyBytes)) { var signatureBytes = hmac.ComputeHash(signature); var signatureString = Convert.ToBase64String(signatureBytes); return requestSignature.Equals(signatureString, StringComparison.Ordinal); } }
private bool ClientCached(IOwinRequest request, DateTime contentModified) { string header = request.Headers["If-Modified-Since"]; if (header != null) { DateTime isModifiedSince; if (DateTime.TryParse(header, out isModifiedSince)) { return isModifiedSince >= contentModified.AddSeconds(-1); } } return false; }
private string CaptureRequest(IOwinRequest request) { string body; using (var sr = new StreamReader(request.Body)) body = sr.ReadToEnd(); request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body)); if (_capturedRequests != null) { var method = (Http)Enum.Parse(typeof(Http), request.Method, true); var url = request.Uri.GetComponents(UriComponents.PathAndQuery, UriFormat.Unescaped); _capturedRequests.Add(new HttpRequestExpectation(method, url, body)); } return body; }
private void SetRequestId(IOwinRequest request) { string requestId; string[] requestIds; if (request.Headers.TryGetValue(RequestIdHeaderName, out requestIds) && requestIds != null && requestIds.Length > 0) { requestId = requestIds[0]; } else { requestId = Guid.NewGuid().ToString(); } HttpContext.Current.Items[RequestIdHeaderName] = requestId; }
internal OwinThrottleLogEntry ComputeLogEntry(string requestId, RequestIdentity identity, ThrottleCounter throttleCounter, string rateLimitPeriod, long rateLimit, IOwinRequest request) { return new OwinThrottleLogEntry { ClientIp = identity.ClientIp, ClientKey = identity.ClientKey, Endpoint = identity.Endpoint, LogDate = DateTime.UtcNow, RateLimit = rateLimit, RateLimitPeriod = rateLimitPeriod, RequestId = requestId, StartPeriod = throttleCounter.Timestamp, TotalRequests = throttleCounter.TotalRequests, Request = request }; }
public IPrincipal AuthenticateRequest(IOwinRequest request) { var clientKey = request.Headers[ApiKeyHeader]; if (string.IsNullOrWhiteSpace(clientKey)) return null; var user = Store.FindByKey(clientKey); if (user == null) { throw new AuthenticationException("Invalid API key."); } return new GenericPrincipal( new GenericIdentity(user.Username, typeof(LuceneApiKeyAuthentication).Name), user.Roles.ToArray()); }
protected override RequestIdentity SetIndentity(IOwinRequest request) { string clientKey = "NOT_" + IS_AUTHENTICATE; if (request.Context.Authentication.User != null && !String.IsNullOrWhiteSpace(request.Context.Authentication.User.Identity.Name) && request.Context.Authentication.User.Identity.IsAuthenticated) clientKey = IS_AUTHENTICATE; #if DEBUG || DEV Log.InfoLogger.Info(String.Format("Throttling --- Client IP is {0}", request.RemoteIpAddress)); #endif return new RequestIdentity() { ClientKey = clientKey, ClientIp = request.RemoteIpAddress, Endpoint = request.Uri.AbsolutePath.ToLowerInvariant() }; }
internal static async Task<RequestPayload> ReadFrom(IOwinRequest request) { // read the payload var payload = await new StreamReader(request.Body).ReadToEndAsync(); try { // read the payload as JSON var credentials = JsonConvert.DeserializeObject<RequestPayload>(payload); return credentials; } catch { // not a valid credentials JSON object return null; } }
internal static IDictionary<string, string> GetCookies(IOwinRequest request) { var cookies = request.GetEnvironmentValue<IDictionary<string, string>>("Microsoft.Owin.Cookies#dictionary"); if (cookies == null) { cookies = new Dictionary<string, string>(StringComparer.Ordinal); request.SetEnvironmentValue("Microsoft.Owin.Cookies#dictionary", cookies); } string text = request.Headers.GetValue("Cookie"); ; if (request.GetEnvironmentValue<string>("Microsoft.Owin.Cookies#text") != text) { cookies.Clear(); ParseDelimited(text, SemicolonAndComma, AddCookieCallback, cookies); request.SetEnvironmentValue("Microsoft.Owin.Cookies#text",text); } return cookies; }
/// <summary> /// Verify the request /// </summary> /// <param name="request">Websocket request</param> /// <returns>True if the request is authenticated else false to throw unauthenticated and deny the connection</returns> public virtual bool AuthenticateRequest(IOwinRequest request) { return(true); }
public async Task <RequestSignatureVerificationResult> VerifySignature(IOwinRequest request, SignedHttpRequestAuthenticationOptions options) { if (request == null) { throw new ArgumentNullException(nameof(request)); } if (options == null) { throw new ArgumentNullException(nameof(options)); } Client client = null; Signature signature = null; try { signature = _signatureParser.Parse(request, options); var eventTask = options.OnSignatureParsed; if (eventTask != null) { await eventTask.Invoke(request, signature).ConfigureAwait(false); } try { signature.Validate(); } catch (ValidationException ex) { throw new InvalidSignatureException( "The signature is invalid. See inner exception.", ex); } client = await _clientStore.Get(signature.KeyId).ConfigureAwait(false); if (client == null) { var failure = SignatureVerificationFailure.InvalidClient($"No {nameof(Client)}s with id '{signature.KeyId}' are registered in the server store."); _logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message); return(new RequestSignatureVerificationResultFailure(client, signature, failure)); } var requestForSigning = request.ToHttpRequestForSigning(); var verificationFailure = await _signatureVerifier.VerifySignature(requestForSigning, signature, client).ConfigureAwait(false); var verificationResultCreator = _verificationResultCreatorFactory.Create(client, signature); var result = verificationFailure == null ? verificationResultCreator.CreateForSuccess() : verificationResultCreator.CreateForFailure(verificationFailure); if (result is RequestSignatureVerificationResultSuccess success) { _logger?.LogDebug($"Request signature verification succeeded for principal {success.Principal?.Identity?.Name ?? "[null]"}."); } else if (result is RequestSignatureVerificationResultFailure failure) { _logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Failure.Code, failure.Failure.Message); } return(result); } catch (InvalidSignatureException ex) { var failure = SignatureVerificationFailure.InvalidSignature(ex.Message, ex); _logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message); return(new RequestSignatureVerificationResultFailure(client, signature, failure)); } }
protected internal string GetRequestUri(IOwinRequest request) { string scheme = request.Scheme; if (request.Headers.TryGetValue("X-Forwarded-Proto", out string[] headerScheme))
public ReadAllStreamMessageOptions(IOwinRequest request) { Position = long.Parse(request.Path.Value.Remove(0, 1)); }
public static bool IsPutMethod(this IOwinRequest request) { return(string.Equals("PUT", request.Method, StringComparison.OrdinalIgnoreCase)); }
public MockOwinContextBuilder WithRequest(IOwinRequest request) { _context.Request = request; return(this); }
public BackOfficeSignInManager(UserManager <BackOfficeIdentityUser, int> userManager, IAuthenticationManager authenticationManager, ILogger logger, IGlobalSettings globalSettings, IOwinRequest request) : base(userManager, authenticationManager) { if (logger == null) { throw new ArgumentNullException("logger"); } if (request == null) { throw new ArgumentNullException("request"); } _logger = logger; _request = request; _globalSettings = globalSettings; AuthenticationType = Constants.Security.BackOfficeAuthenticationType; }
public override Task <bool> AuthenticateRequestAsync(IOwinRequest request) { return(Task.FromResult(true)); }
/// <summary> /// MapAsync IOwinRequest to RequestMessage /// </summary> /// <param name="request"></param> /// <returns></returns> public async Task <RequestMessage> MapAsync( #if !USE_ASPNETCORE IOwinRequest request
protected virtual string GetMultiSiteRedirectUri(string currentRedirectUri, IOwinRequest request) { return(VippsHelpers.GetMultiSiteRedirectUri(currentRedirectUri, request)); }
public override bool AuthenticateRequest(IOwinRequest request) { return(true); }
private Uri GetRedirectUri(IOwinRequest request) { var requestProtoAndHost = request.GetRealRequestScheme() + "://" + request.Host; return(new Uri(requestProtoAndHost + request.PathBase + Options.ReturnEndpointPath)); }
protected virtual bool IsBundleRequest(IOwinRequest request) { var path = "~" + request.Path; return(BundleTable.Bundles.Any(b => b.Path.Equals(path, StringComparison.OrdinalIgnoreCase))); }
protected virtual bool IsStorefrontRequest(IOwinRequest request) { return(!OwinIgnorePathsStrings.Any(p => request.Path.StartsWithSegments(p))); }
public void MapRequest(IOwinRequest request) { }
public static string LinkTo(this IOwinRequest request, string link) { return(request.PathBase + link); }
protected virtual AuthenticationTicket Authenticate(IOwinRequest request, MobileAppAuthenticationOptions options) { if (request == null) { throw new ArgumentNullException("request"); } if (options == null) { throw new ArgumentNullException("options"); } string token; try { ClaimsIdentity claimsIdentity = null; // We do not want any existing User to flow through. request.User = null; // If there is an auth token specified then validate it. token = request.Headers.Get(AuthenticationHeaderName); if (!string.IsNullOrEmpty(token)) { ClaimsPrincipal claimsPrincipal; bool tokenIsValid = this.TryParseLoginToken(token, options, out claimsPrincipal); if (!tokenIsValid) { this.logger.WriteInformation(RResources.Authentication_InvalidToken); return(null); } claimsIdentity = claimsPrincipal.Identity as ClaimsIdentity; if (claimsIdentity == null) { this.logger.WriteError(RResources.Authentication_InvalidIdentity .FormatForUser(typeof(IIdentity).Name, typeof(ClaimsIdentity).Name, claimsPrincipal.Identity != null ? claimsPrincipal.Identity.GetType().Name : "unknown")); return(null); } } else { claimsIdentity = new ClaimsIdentity(); } // Set the user for the current request request.User = this.tokenUtility.CreateServiceUser(claimsIdentity, token); } catch (Exception ex) { this.logger.WriteError(RResources.Authentication_Error.FormatForUser(ex.Message), ex); } // If you return an actual AuthenticationTicket, Katana will create a new ClaimsIdentity and set // that to Request.User, which overwrites our MobileAppUser. By setting Request.User ourselves and // returning null, that step is skipped and the current user remains a MobileAppUser. return(null); }
/// <summary> /// Resolves a tenant request using hostname /// </summary> /// <param name="request">The request</param> /// <returns>The tenant or null</returns> public ITenant Resolve(IOwinRequest request) { return(PublicMethods.get_current_tenant(request, Tenants)); }
public Task <CorsPolicy> GetCorsPolicyAsync(IOwinRequest request) { return(Task.FromResult(_policy)); }
private static bool IsBackOfficeRequest(IOwinRequest request) { return((bool)typeof(UriExtensions).CallStaticMethod("IsBackOfficeRequest", request.Uri, HttpRuntime.AppDomainAppVirtualPath)); }
private static bool IsApiRequest(IOwinRequest request) { string apiPath = VirtualPathUtility.ToAbsolute("~/api/"); return(request.Uri.LocalPath.StartsWith(apiPath)); }
private static bool IsInstallerRequest(IOwinRequest request) { return((bool)typeof(UriExtensions).CallStaticMethod("IsInstallerRequest", request.Uri)); }
/// <summary> /// Retrieves the <see cref="Session.Token"/> from the specified <paramref name="request"/>. /// </summary> /// <param name="request">The <see cref="IOwinRequest"/> from which to retrieve the Session Token cookie.</param> /// <returns>The <see cref="Session.Token"/>, if present.</returns> private string GetSessionToken(IOwinRequest request) { return(request.Cookies[WebApiConstants.SessionTokenCookieName]); }
private static bool HasPreviewCookie(IOwinRequest request) { return(request.Cookies[Constants.Web.PreviewCookieName] != null); }
private static bool IsApiRequest(IOwinRequest request) { string apiPath = VirtualPathUtility.ToAbsolute("~/Api/"); return(request.Uri.LocalPath.StartsWith(apiPath, StringComparison.OrdinalIgnoreCase)); }
public ProxyUri(IOwinRequest _request) { this._rawUri = _request.Uri; this._query = _request.Query.ToDictionary(p => p.Key, p => p.Value.FirstOrDefault()); }
public new AuthenticationTicket Authenticate(IOwinRequest request, AppServiceAuthenticationOptions options) { return(base.Authenticate(request, options)); }
public static bool ExpectsHtml(this IOwinRequest request) { return(request.Accept.ToLower().Contains("html")); }
public void SendAsync_Preflight_ReturnsAllowMethodsAndAllowHeaders(string policyOrigin, string requestedMethod, string expectedOrigin, string requestedHeaders) { IAppBuilder builder = new AppBuilder(); var policy = new CorsPolicy { AllowAnyHeader = true, AllowAnyMethod = true }; if (policyOrigin == "*") { policy.AllowAnyOrigin = true; } else { foreach (var o in policyOrigin.Split(',')) { policy.Origins.Add(o.Trim()); } } builder.UseCors(new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = context => Task.FromResult(policy) } }); builder.Use((context, next) => Task.FromResult <object>(null)); var app = (AppFunc)builder.Build(typeof(AppFunc)); IOwinRequest request = CreateRequest("http://localhost/sample"); request.Method = "OPTIONS"; request.Headers.Set(CorsConstants.Origin, "http://localhost"); request.Headers.Set(CorsConstants.AccessControlRequestMethod, requestedMethod); request.Headers.Set(CorsConstants.AccessControlRequestHeaders, requestedHeaders); app(request.Environment).Wait(); var response = new OwinResponse(request.Environment); string origin = response.Headers.Get(CorsConstants.AccessControlAllowOrigin); string allowMethod = response.Headers.Get(CorsConstants.AccessControlAllowMethods); string[] allowHeaders = response.Headers.Get(CorsConstants.AccessControlAllowHeaders).Split(','); string[] requestedHeaderArray = requestedHeaders.Split(','); Assert.Equal(200, response.StatusCode); Assert.Equal(expectedOrigin, origin); Assert.Equal(requestedMethod, allowMethod); foreach (var requestedHeader in requestedHeaderArray) { Assert.Contains(requestedHeader, allowHeaders); } request = CreateRequest("http://localhost/sample"); request.Method = requestedMethod; request.Headers.Set(CorsConstants.Origin, "http://localhost"); foreach (var requestedHeader in requestedHeaderArray) { request.Headers.Set(requestedHeader, requestedHeader); } app(request.Environment).Wait(); response = new OwinResponse(request.Environment); Assert.Equal(200, response.StatusCode); Assert.Equal(expectedOrigin, origin); }
internal override string TransformHtml(string html, IOwinRequest request)