public async Task OnConnectionAsync(ConnectionFilterContext context)
{
try
{
await _previousFilter.OnConnectionAsync(context);
}
catch (System.IO.IOException ioEx)
{
//compares by exception message for the time being, but needs a better solution
//SSL Certificate error
if (!ioEx.Message.Equals("Authentication failed because the remote party has closed the transport stream."))
{
//throw ioEx; //do something
}
//non-SSL request
if (!ioEx.Message.Equals("The handshake failed due to an unexpected packet format."))
{
//throw ioEx; //do something
}
throw ioEx;
}
}
public async Task OnConnectionAsync(ConnectionFilterContext context)
{
await _previous.OnConnectionAsync(context);
if (string.Equals(context.Address.Scheme, "https", StringComparison.OrdinalIgnoreCase))
{
}
}
public async Task OnConnectionAsync(ConnectionFilterContext context)
{
await _previous.OnConnectionAsync(context);
if (string.Equals(context.Address.Scheme, "https", StringComparison.OrdinalIgnoreCase))
{
var connection = new StreamPipelineConnection(_factory, context.Connection);
var secure = _listener.CreateSecurePipeline(connection);
await secure.HandshakeComplete;
context.Connection = secure.GetStream();
}
}
public async Task OnConnectionAsync(ConnectionFilterContext context)
{
await _previous.OnConnectionAsync(context);
var previousRequest = context.PrepareRequest;
var feature = new WindowsAuthFeature();
var wrapper = new WindowsAuthStreamWrapper(context.Connection, feature);
context.Connection = wrapper;
context.PrepareRequest = features =>
{
previousRequest?.Invoke(features);
features.Set(((WindowsAuthStreamWrapper)context.Connection).AuthFeature);
};
}
public async Task OnConnectionAsync(ConnectionFilterContext context)
{
var connection = context.Connection;
var back2Back = new BackToBackStream(connection);
context.Connection = back2Back;
await _previous.OnConnectionAsync(context);
var previousRequest = context.PrepareRequest;
context.PrepareRequest = features =>
{
previousRequest?.Invoke(features);
};
}
public async Task OnConnectionAsync(ConnectionFilterContext context)
{
await _previous.OnConnectionAsync(context);
var previousRequest = context.PrepareRequest;
var firstByte = new byte[1];
await context.Connection.ReadAsync(firstByte, 0, 1);
if (firstByte[0] == 0x16)
{
context.Address = ServerAddress.FromUrl($"https://{context.Address.Host}:{context.Address.Port}");
}
var connection = context.Connection;
var back2Back = new BackToBackStream(firstByte[0], connection);
context.Connection = back2Back;
context.PrepareRequest = features =>
{
previousRequest?.Invoke(features);
};
}
public async Task OnConnectionAsync(ConnectionFilterContext context)
{
await _previous.OnConnectionAsync(context);
if (string.Equals(context.Address.Scheme, "https", StringComparison.OrdinalIgnoreCase))
{
X509Certificate2 clientCertificate = null;
SslStream sslStream;
if (_options.ClientCertificateMode == ClientCertificateMode.NoCertificate)
{
sslStream = new SslStream(context.Connection);
await sslStream.AuthenticateAsServerAsync(_options.ServerCertificate, clientCertificateRequired : false,
enabledSslProtocols : _options.SslProtocols, checkCertificateRevocation : _options.CheckCertificateRevocation);
}
else
{
sslStream = new SslStream(context.Connection, leaveInnerStreamOpen: false,
userCertificateValidationCallback: (sender, certificate, chain, sslPolicyErrors) =>
{
if (certificate == null)
{
return(_options.ClientCertificateMode != ClientCertificateMode.RequireCertificate);
}
if (_options.ClientCertificateValidation == null)
{
if (sslPolicyErrors != SslPolicyErrors.None)
{
return(false);
}
}
X509Certificate2 certificate2 = certificate as X509Certificate2;
if (certificate2 == null)
{
#if NETSTANDARD1_3
// conversion X509Certificate to X509Certificate2 not supported
// https://github.com/dotnet/corefx/issues/4510
return(false);
#else
certificate2 = new X509Certificate2(certificate);
#endif
}
if (_options.ClientCertificateValidation != null)
{
if (!_options.ClientCertificateValidation(certificate2, chain, sslPolicyErrors))
{
return(false);
}
}
clientCertificate = certificate2;
return(true);
});
await sslStream.AuthenticateAsServerAsync(_options.ServerCertificate, clientCertificateRequired : true,
enabledSslProtocols : _options.SslProtocols, checkCertificateRevocation : _options.CheckCertificateRevocation);
}
var previousPrepareRequest = context.PrepareRequest;
context.PrepareRequest = features =>
{
previousPrepareRequest?.Invoke(features);
if (clientCertificate != null)
{
features.Set <ITlsConnectionFeature>(new TlsConnectionFeature {
ClientCertificate = clientCertificate
});
}
features.Get <IHttpRequestFeature>().Scheme = "https";
};
context.Connection = sslStream;
}
}
public async Task OnConnectionAsync(ConnectionFilterContext context)
{
await _previous.OnConnectionAsync(context);
context.Connection = new LoggingStream(context.Connection, _logger);
}
public async Task OnConnectionAsync(ConnectionFilterContext context)
{
await _previous.OnConnectionAsync(context);
if (string.Equals(context.Address.Scheme, "https", StringComparison.OrdinalIgnoreCase))
{
SslStream sslStream;
if (_options.ClientCertificateMode == ClientCertificateMode.NoCertificate)
{
sslStream = new SslStream(context.Connection);
await sslStream.AuthenticateAsServerAsync(_options.ServerCertificate, clientCertificateRequired : false,
enabledSslProtocols : _options.SslProtocols, checkCertificateRevocation : _options.CheckCertificateRevocation);
}
else
{
sslStream = new SslStream(context.Connection, leaveInnerStreamOpen: false,
userCertificateValidationCallback: (sender, certificate, chain, sslPolicyErrors) =>
{
if (certificate == null)
{
return(_options.ClientCertificateMode != ClientCertificateMode.RequireCertificate);
}
if (_options.ClientCertificateValidation == null)
{
if (sslPolicyErrors != SslPolicyErrors.None)
{
return(false);
}
}
var certificate2 = ConvertToX509Certificate2(certificate);
if (certificate2 == null)
{
return(false);
}
if (_options.ClientCertificateValidation != null)
{
if (!_options.ClientCertificateValidation(certificate2, chain, sslPolicyErrors))
{
return(false);
}
}
return(true);
});
await sslStream.AuthenticateAsServerAsync(_options.ServerCertificate, clientCertificateRequired : true,
enabledSslProtocols : _options.SslProtocols, checkCertificateRevocation : _options.CheckCertificateRevocation);
}
var previousPrepareRequest = context.PrepareRequest;
context.PrepareRequest = features =>
{
previousPrepareRequest?.Invoke(features);
var clientCertificate = ConvertToX509Certificate2(sslStream.RemoteCertificate);
if (clientCertificate != null)
{
features.Set <ITlsConnectionFeature>(new TlsConnectionFeature {
ClientCertificate = clientCertificate
});
}
features.Get <IHttpRequestFeature>().Scheme = "https";
};
context.Connection = sslStream;
}
}
