protected virtual void Dispose(bool disposing)
{
if (!disposing)
{
return;
}
if (_context == null)
{
return;
}
_context.Dispose();
_context = null;
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, PABUserContext pabUserContext)
{
var https = Convert.ToBoolean(_configuration["Https:RequireHttpsMetadata"]);
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseWebApiExceptionHandler();
}
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
//browser will force user to https even if user removes the (s).
//HTTP Strict Transport Security (HSTS)
//if (https)
//{
// app.UseHsts(options => options.MaxAge(365).IncludeSubdomains());
//}
//X-Content-Type-Options
app.UseXContentTypeOptions();
app.UseReferrerPolicy(opts => opts.NoReferrer());
/* Uncomment later */
//redirects to https or secure port
//var options = new RewriteOptions()
// .AddRedirectToHttps(StatusCodes.Status301MovedPermanently, 63423);
//app.UseRewriter(options);
MigrateInMemoryDataToSqlServer(app);
// for Content-Security-Policy
//app.UseCsp(opts => opts
// .BlockAllMixedContent()
// .StyleSources(s => s.Self())
// .StyleSources(s => s.UnsafeInline())
// .FontSources(s => s.Self())
// .FormActions(s => s.Self())
// .FrameAncestors(s => s.Self())
// .ImageSources(s => s.Self())
// .ScriptSources(s => s.Self())
//);
app.Use(async(context, next) =>
{
context.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
await next();
});
app.UseStatusCodePages();
pabUserContext.Database.Migrate();
app.UseIdentityServer();
app.UseStaticFiles();
//X-XSS-Protection
app.UseXXssProtection(options => options.EnabledWithBlockMode());
app.UseXfo(xfo => xfo.Deny());
app.UseMvcWithDefaultRoute();
}
public PABUserRepository(PABUserContext context)
{
_context = context;
}
